To:
Keith Moore <moore@cs.utk.edu>
Cc:
"RL 'Bob' Morgan" <rlmorgan@washington.edu>, Eric Rescorla <ekr@rtfm.com>, Key Distribution <keydist@cafax.se>
From:
Derek Atkins <warlord@MIT.EDU>
Date:
12 Jun 2002 12:53:43 -0400
Frpm:
Derek Atkins <derek@ihtfp.com>
In-Reply-To:
<200206121619.g5CGJHn20918@astro.cs.utk.edu>
Sender:
owner-keydist@cafax.se
User-Agent:
Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7
Subject:
Re: Global PKI on DNS?
[ccs reduced to keydist] Keith Moore <moore@cs.utk.edu> writes: > I don't want to discount the importance of cert discovery, but I do > think it's a stretch to believe that you're going to be willing to > trust all of the certs that you discover in a chain of significant > length, for a significant set of purposes. Why should you dictate this policy to an application? Let the application make that decision. > Keith -derek -- Derek Atkins Computer and Internet Security Consultant derek@ihtfp.com www.ihtfp.com