KEYDIST mailing list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: RJ Atkinson <rja@extremenetworks.com>
CC: keydist@cafax.se
From: Stephen Farrell <stephen.farrell@baltimore.ie>
Date: Thu, 04 Apr 2002 17:02:22 +0100
Reply-To: stephen.farrell@baltimore.ie
Sender: owner-keydist@cafax.se
Subject: Re: Let's assume DNS is involved


> I think the original intent was to say that there is no existing
> CA which is definitively authoritative for names where the name
> is an IP address.  

As I said that's true, but the question asked was:

        What problem is being solved by DNSsec-based distribution
        of signed keys that is not equally easily solved by use of
        certificates ?  And why are certificates not an equally
        good solution to that problem ?

In all cases whatever scheme is agreed then has to be deployed,
so the lack of the deployment of a particular variety of X.509 
based PKI doesn't provide an answer.

Stephen.

-- 
____________________________________________________________
Stephen Farrell         				   
Baltimore Technologies,   tel: (direct line) +353 1 881 6716
39 Parkgate Street,                     fax: +353 1 881 7000
Dublin 8.                mailto:stephen.farrell@baltimore.ie
Ireland                             http://www.baltimore.com

Follow-Ups:
- Re: Let's assume DNS is involved
  - From: Derek Atkins <warlord@MIT.EDU>
- Re: Let's assume DNS is involved
  - From: Edward Lewis <lewis@tislabs.com>

References:
- Re: Let's assume DNS is involved
  - From: RJ Atkinson <rja@extremenetworks.com>

Prev by Date: Re: Let's assume DNS is involved
Next by Date: Re: Let's assume DNS is involved
Prev by thread: Re: Let's assume DNS is involved
Next by thread: Re: Let's assume DNS is involved
Index(es):
- Date
- Thread

Home | Date list | Subject list