To:
Simon Josefsson <simon+dnssec@josefsson.org>
Cc:
Derek Atkins <warlord@MIT.EDU>, Edward Lewis <lewis@tislabs.com>, <dnssec@cafax.se>
From:
Jakob Schlyter <jakob@crt.se>
Date:
Tue, 4 Sep 2001 22:14:18 +0200 (MEST)
In-Reply-To:
<ilud756zrfa.fsf@barbar.josefsson.org>
Sender:
owner-dnssec@cafax.se
Subject:
Re: CERTificates and public keys
On Tue, 4 Sep 2001, Simon Josefsson wrote: > > This ABSOLUTELY asserts that <blob> belongs to "my-machine.mit.edu." > > and provides the exact same security as any other PKI that would > > attempt to say the same thing. > > No, a PKI may provide better security than only binding virtual names > to public keys. > > CERT allows for this, KEY does not. please do not make this a discussion on why we might need or not need a PKI - the people who like to put raw public keys into dns and base their trust on DNSSEC only needs something to carry that key. jakob