KEYDIST mailing list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: "John Stracke" <jstracke@incentivesystems.com>
Cc: Franck Martin <Franck@sopac.org>, ietf <ietf@ietf.org>, isdf@isoc.org, Key Distribution <keydist@cafax.se>, openssl-users@openssl.org, owner-ietf@ietf.org
From: Simon Josefsson <simon+keydist@josefsson.org>
Date: Thu, 13 Jun 2002 21:22:56 +0200
In-Reply-To: <OF4A931F67.FFE1C8BB-ON85256BD7.004D98DC@incentivesystems.com> ("JohnStracke"'s message of "Thu, 13 Jun 2002 10:08:49 -0400")
Sender: owner-keydist@cafax.se
User-Agent: Gnus/5.090007 (Oort Gnus v0.07) Emacs/21.2.90(i686-pc-linux-gnu)
Subject: Re: Global PKI on DNS?

"John Stracke" <jstracke@incentivesystems.com> writes:

>>The CERT extension to DNS allows to place there a URI, a URI is smaller
> than
>>a cert and stays in a udp packet.
>
> Bootstrap problem: how can you trust the results of the URI?

The URI can contain a hash (fingerprint) of the target data.  C.f. TLS
extensions document.

References:
- RE: Global PKI on DNS?
  - From: "John Stracke" <jstracke@incentivesystems.com>

Prev by Date: RE: Global PKI on DNS?
Next by Date: Re: Global PKI on DNS?
Prev by thread: RE: Global PKI on DNS?
Next by thread: Re: Global PKI on DNS?
Index(es):
- Date
- Thread

Home | Date list | Subject list