To:
Derek Atkins <warlord@MIT.EDU>
cc:
Keith Moore <moore@cs.utk.edu>, "RL 'Bob' Morgan" <rlmorgan@washington.edu>, Eric Rescorla <ekr@rtfm.com>, Key Distribution <keydist@cafax.se>
From:
Keith Moore <moore@cs.utk.edu>
Date:
Wed, 12 Jun 2002 13:10:33 -0400
In-reply-to:
(Your message of "12 Jun 2002 12:53:43 EDT.") <sjmr8jc5tgo.fsf@kikki.mit.edu>
Sender:
owner-keydist@cafax.se
Subject:
Re: Global PKI on DNS?
> > I don't want to discount the importance of cert discovery, but I do > > think it's a stretch to believe that you're going to be willing to > > trust all of the certs that you discover in a chain of significant > > length, for a significant set of purposes. > > Why should you dictate this policy to an application? Let the > application make that decision. I'm perfectly happy to do so - I just don't think it's universally applicable. Keith