KEYDIST mailing list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Peter Deutsch <pdeutsch@earthlink.net>
cc: John Stracke <jstracke@incentivesystems.com>, keydist@cafax.se, ietf@ietf.org, isdf@isoc.org, openssl-users@openssl.org
From: Keith Moore <moore@cs.utk.edu>
Date: Tue, 11 Jun 2002 20:08:05 -0400
In-reply-to: (Your message of "Tue, 11 Jun 2002 15:25:10 PDT.") <3D0678C6.972942FD@earthlink.net>
Sender: owner-keydist@cafax.se
Subject: Re: Global PKI on DNS?

> Somebody (I
> think it was Keith) suggested earlier in this thread that nobody should
> be trusted with the single PKI root. Maybe the same sentiment applies to
> DNS roots, as well?? 

no, it doesn't follow at all.    you need a unique root (of some kind) to 
prevent name conflicts - mutual self-interest among competitors does not
suffice to do that.  

OTOH a distinguished root CA is a Very Bad Idea.

Keith

Follow-Ups:
- Re: Global PKI on DNS?
  - From: Peter Deutsch <pdeutsch@earthlink.net>

References:
- Re: Global PKI on DNS?
  - From: Peter Deutsch <pdeutsch@earthlink.net>

Prev by Date: Re: Global PKI on DNS?
Next by Date: Re: Global PKI on DNS?
Prev by thread: Re: Global PKI on DNS?
Next by thread: Re: Global PKI on DNS?
Index(es):
- Date
- Thread

Home | Date list | Subject list