KEYDIST mailing list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Keith Moore <moore@cs.utk.edu>
cc: openssl-users@openssl.org, ietf <ietf@ietf.org>, <isdf@isoc.org>, Key Distribution <keydist@cafax.se>
From: "RL 'Bob' Morgan" <rlmorgan@washington.edu>
Date: Wed, 12 Jun 2002 09:57:06 -0700 (PDT)
In-Reply-To: <200206121619.g5CGJHn20918@astro.cs.utk.edu>
Sender: owner-keydist@cafax.se
Subject: Re: Global PKI on DNS?

On Wed, 12 Jun 2002, Keith Moore wrote:

> I don't want to discount the importance of cert discovery, but I do
> think it's a stretch to believe that you're going to be willing to trust
> all of the certs that you discover in a chain of significant length, for
> a significant set of purposes.

So do you think that there's a necessary difference in trustworthiness
between the certs that you "discover" when you take your computer out of
the box, or download the latest browser, and those that you would discover
via some lookup mechanism?  Even if the certs discovered via that
mechanism were associated with policies based on explicit agreements
and terms of use between your organization and the various issuers?

 - RL "Bob"

Follow-Ups:
- Re: Global PKI on DNS?
  - From: Keith Moore <moore@cs.utk.edu>

References:
- Re: Global PKI on DNS?
  - From: Keith Moore <moore@cs.utk.edu>

Prev by Date: Re: Global PKI on DNS?
Next by Date: Re: Global PKI on DNS?
Prev by thread: Re: Global PKI on DNS?
Next by thread: Re: Global PKI on DNS?
Index(es):
- Date
- Thread

Home | Date list | Subject list