

To: Simon Josefsson <simon+dnssec@josefsson.org>
Cc: Derek Atkins <warlord@MIT.EDU>, Scott Rose <scottr@antd.nist.gov>, <dnssec@cafax.se>
From: Jakob Schlyter <jakob@crt.se>
Date: Tue, 4 Sep 2001 22:14:24 +0200 (MEST)
In-Reply-To: <ilu7kvezr3l.fsf@barbar.josefsson.org>
Sender: owner-dnssec@cafax.se
Subject: Re: CERTificates and public keys

On Tue, 4 Sep 2001, Simon Josefsson wrote:

> It is already possible to put a public key that is not signed by a CA
> in a CERT record.  Let's use it.

the big difference between a CERT and KEY/APPKEY is that you can take the
contents of the record and verify it without any knowledge of DNS and
without any additional SIG records. this also holds for self-signed
certificates. a KEY/APPKEY is not a certificate.

	jakob


