KEYDIST mailing list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Keith Moore <moore@cs.utk.edu>
Cc: "RL 'Bob' Morgan" <rlmorgan@washington.edu>, Eric Rescorla <ekr@rtfm.com>, Key Distribution <keydist@cafax.se>
From: Derek Atkins <warlord@MIT.EDU>
Date: 12 Jun 2002 12:53:43 -0400
Frpm: Derek Atkins <derek@ihtfp.com>
In-Reply-To: <200206121619.g5CGJHn20918@astro.cs.utk.edu>
Sender: owner-keydist@cafax.se
User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7
Subject: Re: Global PKI on DNS?

[ccs reduced to keydist]

Keith Moore <moore@cs.utk.edu> writes:

> I don't want to discount the importance of cert discovery, but I do
> think it's a stretch to believe that you're going to be willing to 
> trust all of the certs that you discover in a chain of significant
> length, for a significant set of purposes.

Why should you dictate this policy to an application?  Let the
application make that decision.

> Keith

-derek

-- 
       Derek Atkins
       Computer and Internet Security Consultant
       derek@ihtfp.com             www.ihtfp.com

Follow-Ups:
- Re: Global PKI on DNS?
  - From: Keith Moore <moore@cs.utk.edu>

References:
- Re: Global PKI on DNS?
  - From: Keith Moore <moore@cs.utk.edu>

Prev by Date: Re: Global PKI on DNS?
Next by Date: Re: Global PKI on DNS?
Prev by thread: Re: Global PKI on DNS?
Next by thread: Re: Global PKI on DNS?
Index(es):
- Date
- Thread

Home | Date list | Subject list