To:
RJ Atkinson <rja@extremenetworks.com>
CC:
keydist@cafax.se
From:
Stephen Farrell <stephen.farrell@baltimore.ie>
Date:
Thu, 04 Apr 2002 17:02:22 +0100
Reply-To:
stephen.farrell@baltimore.ie
Sender:
owner-keydist@cafax.se
Subject:
Re: Let's assume DNS is involved
> I think the original intent was to say that there is no existing > CA which is definitively authoritative for names where the name > is an IP address. As I said that's true, but the question asked was: What problem is being solved by DNSsec-based distribution of signed keys that is not equally easily solved by use of certificates ? And why are certificates not an equally good solution to that problem ? In all cases whatever scheme is agreed then has to be deployed, so the lack of the deployment of a particular variety of X.509 based PKI doesn't provide an answer. Stephen. -- ____________________________________________________________ Stephen Farrell Baltimore Technologies, tel: (direct line) +353 1 881 6716 39 Parkgate Street, fax: +353 1 881 7000 Dublin 8. mailto:stephen.farrell@baltimore.ie Ireland http://www.baltimore.com