To:
RJ Atkinson <rja@extremenetworks.com>
Cc:
Edward Lewis <lewis@tislabs.com>, keydist@cafax.se
From:
Edward Lewis <lewis@tislabs.com>
Date:
Thu, 28 Mar 2002 11:05:52 -0500
In-Reply-To:
<DE4CABF2-4263-11D6-91C6-00039357A82A@extremenetworks.com>
Sender:
owner-keydist@cafax.se
Subject:
Re: Let's assume DNS is involved
Good point. I've been getting hung up on the wrong issues. At 10:52 AM -0500 3/28/02, RJ Atkinson wrote: > I think you'd make more progress if you started with a clear >crisp rationale justifying the premise above. One of the main >problems with the BOF was the lack of justification for the above >premise during the BOF. Someone needs to clearly and crisply >answer the question below (to the satisfaction of most folks, >not necessarily everyone) before working on the mechanical >details of how DNSsec-based key distribution should work: > > What problem is being solved by DNSsec-based distribution > of signed keys that is not equally easily solved by use of > certificates ? And why are certificates not an equally > good solution to that problem ? -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NAI Labs Phone: +1 443-259-2352 Email: lewis@tislabs.com Opinions expressed are property of my evil twin, not my employer.