To:
"John Stracke" <jstracke@incentivesystems.com>
Cc:
Franck Martin <Franck@sopac.org>, ietf <ietf@ietf.org>, isdf@isoc.org, Key Distribution <keydist@cafax.se>, openssl-users@openssl.org, owner-ietf@ietf.org
From:
Simon Josefsson <simon+keydist@josefsson.org>
Date:
Thu, 13 Jun 2002 21:22:56 +0200
In-Reply-To:
<OF4A931F67.FFE1C8BB-ON85256BD7.004D98DC@incentivesystems.com> ("JohnStracke"'s message of "Thu, 13 Jun 2002 10:08:49 -0400")
Sender:
owner-keydist@cafax.se
User-Agent:
Gnus/5.090007 (Oort Gnus v0.07) Emacs/21.2.90(i686-pc-linux-gnu)
Subject:
Re: Global PKI on DNS?
"John Stracke" <jstracke@incentivesystems.com> writes: >>The CERT extension to DNS allows to place there a URI, a URI is smaller > than >>a cert and stays in a udp packet. > > Bootstrap problem: how can you trust the results of the URI? The URI can contain a hash (fingerprint) of the target data. C.f. TLS extensions document.