To:
Simon Josefsson <simon+keydist@josefsson.org>
cc:
Keith Moore <moore@cs.utk.edu>, keydist@cafax.se
From:
Keith Moore <moore@cs.utk.edu>
Date:
Wed, 12 Jun 2002 16:54:46 -0400
In-reply-to:
(Your message of "Wed, 12 Jun 2002 20:31:05 +0200.") <iluk7p4bb86.fsf@latte.josefsson.org>
Sender:
owner-keydist@cafax.se
Subject:
Re: Global PKI on DNS?
> Furthermore, the "upgrade" "problem" only affects those people that > wants to use certificates in DNS, thus it is not a "problem" them (or > anyone else). > > If you don't want to use CERT RRs you don't need to upgrade your DNS > server! > > If you want to use CERT RRs you need to upgrade your DNS server! > > I find it truly amazing that those two statements could possibly be > perceived as a design problem. It is what most people expect when > they bring in a new feature. well, you could make a similar statement about a different protocol - if you want to return certs you should support that protocol, if you don't want to return certs you don't need to support it! it's not inherently a design problem that DNS servers might need to be upgraded - it's just part of an argument about the relative merits of different approaches. Keith