To:
Michael Richardson <mcr@sandelman.ottawa.on.ca>
cc:
Franck Martin <franck@sopac.org>, <keydist@cafax.se>, <openssl-users@openssl.org>, <ietf@ietf.org>, <isdf@isoc.org>
From:
Pekka Savola <pekkas@netcore.fi>
Date:
Sat, 8 Jun 2002 21:31:14 +0300 (EEST)
In-Reply-To:
<200206081716.g58HGdR19062@marajade.sandelman.ottawa.on.ca>
Sender:
owner-keydist@cafax.se
Subject:
Re: Global PKI on DNS?
On Sat, 8 Jun 2002, Michael Richardson wrote: > >>>>> "Franck" == Franck Martin <franck@sopac.org> writes: > Franck> I was wondering if the best system to build a global PKI wouldn't be the > Franck> DNS system already in place? > > Franck> The root servers would share the ROOT Certificates and would sign a > Franck> certificate to each .org .com .net .fr,... managers of this > Franck> domains...Which in turn would use these certificates to sign sub > Franck> domains > Franck> certificates... > > Please see the minutes from the "siked" BOF from #53... oops, none produced. > > http://www.ietf.org/ietf/02mar/siked.txt > and the mailing list at keydist@cafax.se. I think this was when Randy Bush (with Ops & Mgmt Area Director hat on) said that certificates will not be stored in DNS; keys.. if you really want, why not (but if you don't understand the difference between keys and certificates, be quiet). Or at least that was how I remember how it went. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords