To: Keith Moore <moore@cs.utk.edu>
Cc: Key Distribution <keydist@cafax.se>
From: David Conrad <david.conrad@nominum.com>
Date: Tue, 11 Jun 2002 21:19:42 -0700
In-Reply-To: <200206120314.g5C3ELn29324@astro.cs.utk.edu>
Sender: owner-keydist@cafax.se
User-Agent: Microsoft-Entourage/10.1.0.2006
Subject: Re: Global PKI on DNS?

[Everything but keydist removed from the ccs]

On 6/11/02 8:14 PM, "Keith Moore" <moore@cs.utk.edu> wrote:

> well, all of the above is sort of besides the point, because you really
> don't need to use DNS to return certs

You don't _need_ to use the Internet, postal mail still works. Of course, there may be efficiencies if you use an existing system.

> (and there are a lot of problems
> with doing so)

OK, I'll bite. What are those problems?

> you still get to leverage DNS if you simply define a way
> to use DNS to obtain certs with a different protocol (say, using SRV
> records).

Of course, but then you have to do all the cache handling yourself. On the serving side, you also have to come up with a way of doing redundancy and reliability. But hey, coming up with new protocols that do the same thing as old protocols is fun, so why not?

Rgds,
-drc