To: warlord@MIT.EDU
Cc: lewis@tislabs.com, dnssec@cafax.se
From: Havard Eidnes <he@uninett.no>
Date: Wed, 05 Sep 2001 13:10:08 +0200 (CEST)
In-Reply-To: <sjmvgiyrdql.fsf@rcn.ihtfp.org>
Sender: owner-dnssec@cafax.se
Subject: Re: CERTificates and public keys

> It would be less confusing than having to have each app decide whether
> it's looking for a 'Cert' or 'Appkey' record when it wants to look for
> a key in the DNS. Having a single place to look is a Good Thing (TM).

In my humble opinion, this is simply wrong.

As I said before: a key is not a certificate and a certificate is not a key (although it *contains* one), and we should *not* promulgate the confusion that those two are the same. The misnomer "pgp key" comes to mind.

An application writer or protocol designer knows up front whether the application should ask for a certificate with its own built-in integrity/authenticity verification system, or just raw (public) key material which would then depend on DNSSEC for the integrity/authenticity verification.

Regards,

- Håvard