To:
Peter Deutsch <pdeutsch@earthlink.net>
cc:
John Stracke <jstracke@incentivesystems.com>, keydist@cafax.se, ietf@ietf.org, isdf@isoc.org, openssl-users@openssl.org
From:
Keith Moore <moore@cs.utk.edu>
Date:
Tue, 11 Jun 2002 20:08:05 -0400
In-reply-to:
(Your message of "Tue, 11 Jun 2002 15:25:10 PDT.") <3D0678C6.972942FD@earthlink.net>
Sender:
owner-keydist@cafax.se
Subject:
Re: Global PKI on DNS?
> Somebody (I > think it was Keith) suggested earlier in this thread that nobody should > be trusted with the single PKI root. Maybe the same sentiment applies to > DNS roots, as well?? no, it doesn't follow at all. you need a unique root (of some kind) to prevent name conflicts - mutual self-interest among competitors does not suffice to do that. OTOH a distinguished root CA is a Very Bad Idea. Keith