To:
EKR <ekr@rtfm.com>, "RL 'Bob' Morgan" <rlmorgan@WASHINGTON.EDU>
Cc:
<openssl-users@openssl.org>, ietf <ietf@ietf.org>, <isdf@isoc.org>, Key Distribution <keydist@cafax.se>
From:
David Conrad <david.conrad@nominum.com>
Date:
Wed, 12 Jun 2002 10:03:36 -0700
In-Reply-To:
<kjit4ole1o.fsf@romeo.rtfm.com>
Sender:
owner-keydist@cafax.se
User-Agent:
Microsoft-Entourage/10.1.0.2006
Subject:
Re: Global PKI on DNS?
On 6/12/02 8:20 AM, "Eric Rescorla" <ekr@rtfm.com> wrote: >> But I can do >> this only if I can discover certs that *aren't* either in the set it hands >> me or in my local set, and TLS says nothing about how to do this. > Yes, because it's an edge case. Scalability as an edge case. Hmm. > We barely have any PKI at all, Actually, it would appear we barely have a bunch of different, non-interoperable, non-scalable PKIs. However, since I'm not a card carrying credentialed security person, I'm probably mistaken. > I think it's a little early to start > worrying about cross-certification. I think it is more than a bit late. Rgds, -drc