To: openssl-users@openssl.org, jstracke@incentivesystems.com
Cc: Franck@sopac.org, ietf@ietf.org, isdf@isoc.org, keydist@cafax.se, owner-ietf@ietf.org
From: Richard Levitte - VMS Whacker <levitte@stacken.kth.se>
Date: Thu, 13 Jun 2002 21:34:14 +0200 (CEST)
In-Reply-To: <OF4A931F67.FFE1C8BB-ON85256BD7.004D98DC@incentivesystems.com>
Sender: owner-keydist@cafax.se
Subject: Re: Global PKI on DNS?

In message <OF4A931F67.FFE1C8BB-ON85256BD7.004D98DC@incentivesystems.com> on Thu, 13 Jun 2002 10:08:49 -0400, "John Stracke" <jstracke@incentivesystems.com> said:

jstracke> >The CERT extension to DNS allows to place there a URI, a
jstracke> >URI is smaller than a cert and stays in a udp packet.
jstracke>
jstracke> Bootstrap problem: how can you trust the results of the URI?

The same way I trust whatever certificate source I have; not at all.
But from a PKI point of view, that's beside the point, as long as you
can do path discovery and validation all the way between the
certificate I want to verify and a set of root certificates you trust.
So the bootstrap problem is the same regardless of your certificate
source: you need a set of trusted root certificates.

--
Richard Levitte \ Spannvägen 38, II \ LeViMS@stacken.kth.se
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- poei@bofh.se
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.