Global PKI on DNS?
Franck Martin <franck@SOPAC.ORG> Sat, 08 June 2002 01:54 UTC
Received: from loki.ietf.org (loki [10.27.2.29]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA19811 for <ietf-web-archive@odin.ietf.org>; Fri, 7 Jun 2002 21:54:17 -0400 (EDT)
Received: (from adm@localhost) by loki.ietf.org (8.9.1b+Sun/8.9.1) id VAA18413 for ietf-outbound.10@loki.ietf.org; Fri, 7 Jun 2002 21:54:01 -0400 (EDT)
Received: from ietf.org (odin.ietf.org [10.27.2.28]) by loki.ietf.org (8.9.1b+Sun/8.9.1) with ESMTP id VAA18385 for <ietf-mainout@loki.ietf.org>; Fri, 7 Jun 2002 21:52:03 -0400 (EDT)
Received: by ietf.org (8.9.1a/8.9.1a) id VAA19797 for ietf-mainout; Fri, 7 Jun 2002 21:51:31 -0400 (EDT)
X-Authentication-Warning: ietf.org: majordom set sender to owner-ietf@ietf.org using -f
Received: from flinux.sopac.org.fj ([202.62.1.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA19765 for <ietf@ietf.org>; Fri, 7 Jun 2002 21:51:09 -0400 (EDT)
Received: by flinux.sopac.org.fj (Postfix, from userid 500) id 34CEF1E95C; Sat, 8 Jun 2002 13:22:28 +0000 (UTC)
Subject: Global PKI on DNS?
From: Franck Martin <franck@SOPAC.ORG>
To: openssl-users@openssl.org
Cc: ietf@ietf.org, isdf@isoc.org
In-Reply-To: <B9266DC7.69C5%brian@balancesoftware.com>
References: <B9266DC7.69C5%brian@balancesoftware.com>
Content-Type: multipart/alternative; boundary="=-TSkMorsjoWKis2MkLWCB"
X-Mailer: Evolution/1.0.2-5mdk
Date: Sat, 08 Jun 2002 13:22:28 +0000
Message-Id: <1023542548.17232.30.camel@flinux.sopac.org.fj>
Mime-Version: 1.0
Sender: owner-ietf@ietf.org
Precedence: bulk
X-Loop: ietf@ietf.org
I was wondering if the best system to build a global PKI wouldn't be the DNS system already in place? The root servers would share the ROOT Certificates and would sign a certificate to each .org .com .net .fr,... managers of this domains...Which in turn would use these certificates to sign sub domains certificates... The issued certifcates would have a constraint on the domain name to ensure that the certificate can only be used in sub domains... and would allow to be used for anything (web server, imap server, e-mail, code, document,...) There would be an extension to the DNS protocol to add a type record which would allow to extract the certificate and the list of revoked certificates... The system would have to be quite secure but DNSSec is in place now... It would be the easiest way as apparently nobody is trying to build a global PKI infrastructure and LDAP people can't agree on a global standard to link each ldap server to each other, which DNS has... Comments? Cheers.
- Global PKI on DNS? Franck Martin
- Re: Global PKI on DNS? Valdis.Kletnieks
- Re: Global PKI on DNS? James Pullicino
- Re: Global PKI on DNS? Franck Martin
- Re: Global PKI on DNS? Franck Martin
- Re: Global PKI on DNS? Steven M. Bellovin
- Re: Global PKI on DNS? Mats Dufberg
- Re: Global PKI on DNS? Michael Richardson
- Re: Global PKI on DNS? Pekka Savola
- Re: Global PKI on DNS? David Conrad
- Re: Global PKI on DNS? David Conrad
- Re: Global PKI on DNS? Eric A. Hall
- Re: Global PKI on DNS? Steven M. Bellovin
- Re: Global PKI on DNS? David Conrad
- Re: Global PKI on DNS? Bill Manning
- Re: Global PKI on DNS? Johnny Eriksson
- Re: Global PKI on DNS? James Seng
- Re: Global PKI on DNS? Keith Moore
- Re: Global PKI on DNS? Michael StJohns
- Re: Global PKI on DNS? Keith Moore
- Re: Global PKI on DNS? Valdis.Kletnieks
- Re: Global PKI on DNS? Keith Moore
- Re: Global PKI on DNS? Valdis.Kletnieks
- Re: Global PKI on DNS? Franck Martin
- Re: Global PKI on DNS? Keith Moore
- Re: Global PKI on DNS? Valdis.Kletnieks
- class E address Nguyen Thi Mai Trang
- RE: Global PKI on DNS? Christian Huitema
- Re: Global PKI on DNS? Simon Josefsson
- Re: Global PKI on DNS? Eric A. Hall
- Re: Global PKI on DNS? Simon Josefsson
- Re: Global PKI on DNS? John Stracke
- Re: Global PKI on DNS? Peter Deutsch
- Re: Global PKI on DNS? John Stracke
- Re: Global PKI on DNS? Peter Deutsch
- Re: Global PKI on DNS? Eric A. Hall
- Re: Global PKI on DNS? Keith Moore
- Re: Global PKI on DNS? Vernon Schryver
- Re: Global PKI on DNS? David Conrad
- Re: Global PKI on DNS? Eric A. Hall
- Re: Global PKI on DNS? Keith Moore
- Re: Global PKI on DNS? David Conrad
- Re: Global PKI on DNS? David Conrad
- Re: Global PKI on DNS? Eric A. Hall
- Re: Global PKI on DNS? Peter Deutsch
- Re: Global PKI on DNS? Keith Moore
- Re: Global PKI on DNS? Eric Rescorla
- Re: Global PKI on DNS? Derek Atkins
- Re: Global PKI on DNS? Valdis.Kletnieks
- Re: Global PKI on DNS? RL 'Bob' Morgan
- Re: Global PKI on DNS? Eric Rescorla
- Re: Global PKI on DNS? Keith Moore
- Re: Global PKI on DNS? RL 'Bob' Morgan
- Re: Global PKI on DNS? RL 'Bob' Morgan
- Re: Global PKI on DNS? Eric Rescorla
- Re: Global PKI on DNS? David Conrad
- Re: Global PKI on DNS? Eric Rescorla
- Re: Global PKI on DNS? Keith Moore
- Re: Global PKI on DNS? Jakob Schlyter
- Re: Global PKI on DNS? Stephen Kent
- Re: Global PKI on DNS? Paul Hoffman / IMC
- Re: Global PKI on DNS? Ben Laurie
- Re: Global PKI on DNS? John Stracke
- Re: Global PKI on DNS? Keith Moore
- Re: Global PKI on DNS? Franck Martin
- Re: Global PKI on DNS? Keith Moore
- Re: Global PKI on DNS? Fred Baker
- Re: Global PKI on DNS? Chris Evans
- RE: Global PKI on DNS? Franck Martin
- Re: Global PKI on DNS? Einar Stefferud
- Re: Global PKI on DNS? Stephen Kent
- RE: Global PKI on DNS? John Stracke
- Re: Global PKI on DNS? Einar Stefferud
- a nit, Re: Global PKI on DNS? Ed Gerck
- Re: Global PKI on DNS? Keith Moore
- Re: Global PKI on DNS? Stephen Kent
- Re: Global PKI on DNS? Stephen Kent
- Re: Global PKI on DNS? Keith Moore
- Re: Global PKI on DNS? Ed Gerck
- Re: Global PKI on DNS? Harald Koch
- RE: Global PKI on DNS? Christian Huitema
- Re: Global PKI on DNS? Einar Stefferud
- RE: Global PKI on DNS? VILLARREAL, STEVE (SBC-MSI)
- RE: Global PKI on DNS? Franck Martin
- Re: RE: Global PKI on DNS? Chris Evans
- RE: Global PKI on DNS? Ari Ollikainen
- Re: Global PKI on DNS? Valdis.Kletnieks
- Re: Global PKI on DNS? Einar Stefferud
- Re: Global PKI on DNS? Robert Elz
- RE: Global PKI on DNS? Stephen Kent
- Re: Global PKI on DNS? Stephen Kent
- Re: Global PKI on DNS? Stephen Kent
- Re: Global PKI on DNS? Stephen Kent
- Re: Global PKI on DNS? Stephen Kent
- Re: Global PKI on DNS? Stephen Kent
- Re: Global PKI on DNS? Simon Josefsson
- Re: Global PKI on DNS? Richard Levitte - VMS Whacker
- Re: Global PKI on DNS? Mark.Andrews
- Re: Global PKI on DNS? Einar Stefferud
- Re: Global PKI on DNS? Ed Gerck
- Re: Global PKI on DNS? Stephen Kent
- Re: Global PKI on DNS? Stephen Kent
- Re: Global PKI on DNS? Michael Richardson
- Re: Global PKI on DNS? John Stracke
- Re: Global PKI on DNS? Eric A. Hall
- Re: Global PKI on DNS? Ed Gerck
- Re: Global PKI on DNS? Einar Stefferud
- Re: Global PKI on DNS? Stephen Kent
- Re: Global PKI on DNS? Eric Rescorla
- Re: Global PKI on DNS? Ed Gerck
- Re: Global PKI on DNS? Eric Rescorla
- Re: Global PKI on DNS? Stephen Kent
- Re: Global PKI on DNS? Stephen Kent
- Re: Global PKI on DNS? Ed Gerck
- Re: Global PKI on DNS? Einar Stefferud
- Re: Global PKI on DNS? Stephen Kent
- Re: Global PKI on DNS? Keith Moore
- Re: Global PKI on DNS? Keith Moore
- Re: Global PKI on DNS? Stephen Kent
- Re: Global PKI on DNS? Ed Gerck
- Re: Global PKI on DNS? Keith Moore
- Re: Global PKI on DNS? Stephen Kent
- Re: Global PKI on DNS? Stephen Kent
- Re: Global PKI on DNS? Stephen Kent
- Re: Global PKI on DNS? Keith Moore
- Re: Global PKI on DNS? Stephen Kent
- Re: Global PKI on DNS? Ed Gerck
- Re: Global PKI on DNS? Stephen Kent
- Re: Global PKI on DNS? Keith Moore
- Re: Global PKI on DNS? Ed Gerck
- Re: Global PKI on DNS? Stephen Kent
- Re: Global PKI on DNS? Stephen Kent
- Re: Global PKI on DNS? Keith Moore
- Re: Global PKI on DNS? Ed Gerck
- correction (was Re: Global PKI on DNS?) Keith Moore
- Re: Global PKI on DNS? Alex Audu
- Re: Global PKI on DNS? Ed Gerck
- Re: Global PKI on DNS? Einar Stefferud
- Re: Global PKI on DNS? Stephen Kent
- Re: Global PKI on DNS? Einar Stefferud
- Re: Global PKI on DNS? Chris Evans
- Re: Global PKI on DNS? Alex Audu
- Re: Global PKI on DNS? Keith Moore
- Re: Global PKI on DNS? Stephen Kent
- Re: Global PKI on DNS? Stephen Kent
- Re: Global PKI on DNS? Stephen Kent
- Re: Global PKI on DNS? Stephen Kent
- Re: Global PKI on DNS? Keith Moore
- Re: Global PKI on DNS? Ed Gerck
- Re: Global PKI on DNS? Stephen Kent
- Re: Global PKI on DNS? Keith Moore
- Re: Global PKI on DNS? Stephen Kent
- Re: Global PKI on DNS? Keith Moore
- RE: Global PKI on DNS? Mike Burns
- RE: Global PKI on DNS? Einar Stefferud
- RE: Global PKI on DNS? John Stracke
- Re: Global PKI on DNS? Keith Moore
- Re: Global PKI on DNS? Lloyd Wood
- Re: Global PKI on DNS? Einar Stefferud