To: EKR <ekr@rtfm.com>
Cc: Key Distribution <keydist@cafax.se>
From: David Conrad <david.conrad@nominum.com>
Date: Wed, 12 Jun 2002 08:18:00 -0700
In-Reply-To: <kjptywli8w.fsf@romeo.rtfm.com>
Sender: owner-keydist@cafax.se
User-Agent: Microsoft-Entourage/10.1.0.2006
Subject: Re: Global PKI on DNS?

[cc reset to keydist]

Hi,

On 6/12/02 6:49 AM, "Eric Rescorla" <ekr@rtfm.com> wrote:
> If all you want to do is cram PKIX/X.509 certs into the DNS, the
> question becomes: why?

Because:

> Nearly all of the major IETF security protocols (TLS, IPsec, OpenPGP)
> already have their own certificate discovery mechanism

More specifically, as far as I can tell (and, of course, I'm not a "card
carrying credentialed security person", so I shouldn't speak out of turn,
but...), none of the myriad existing key distribution mechanisms have been
deployed on anything like a significant scale.  Why reinvent the wheel each
time a new protocol is developed?

Rgds,
-drc

