

To: ietf <ietf@ietf.org>
Cc: isdf@isoc.org, Key Distribution <keydist@cafax.se>, openssl-users@openssl.org
From: "John Stracke" <jstracke@incentivesystems.com>
Date: Wed, 12 Jun 2002 16:13:51 -0400
Sender: owner-keydist@cafax.se
Subject: Re: Global PKI on DNS?

>> I don't want to discount the importance of cert discovery, but I do
>> think it's a stretch to believe that you're going to be willing to
>> trust all of the certs that you discover in a chain of significant
>> length, for a significant set of purposes.
>
>We're already trusting chains of significant length (i.e. DNS delegation)
>with no decent verification at all.

That's a good point.  PKI on DNS might not be the most trustworthy system
imaginable, but it would probably be an improvement over no PKI.  Provided
it doesn't break DNS...

/========================================================\
|John Stracke                    |Principal Engineer     |
|jstracke@incentivesystems.com   |Incentive Systems, Inc.|
|http://www.incentivesystems.com |My opinions are my own.|
|========================================================|
|E pui muove! -- Galileo                                 |
\========================================================/


