Re: Global PKI on DNS?

To: franck at SOPAC.ORG (Franck Martin)
Subject: Re: Global PKI on DNS?
From: Bill Manning <bmanning at ISI.EDU>
Date: Sat, 8 Jun 2002 21:44:35 -0700 (PDT)
Cc: openssl-users at openssl.org, ietf at ietf.org, isdf at isoc.org
In-reply-to: <1023542548.17232.30.camel@flinux.sopac.org.fj> from Franck Martin at "Jun 8, 2 01:22:28 pm"
Sender: owner-ietf at ietf.org

% I was wondering if the best system to build a global PKI wouldn't be the
% DNS system already in place?
% 
	As others have pointed out, the DNS already has the capability
	to store certs.  So you could use the DNS as a publication 
	method.  But is this the only thing a PKI needs?  How would
	one revolke a cert that was in the DNS?  How can you update
	-every- cached copy of the cert in question? 

	For this (among other) reason(s), the DNS can't really be 
	considered a PKI in any real sense.

-- 
--bill

Follow-Ups:
- Re: Global PKI on DNS?
  - From: Bill Sommerfeld

References:
- Global PKI on DNS?
  - From: Franck Martin

Prev by Date: Re: Global PKI on DNS?
Next by Date: Re: Global PKI on DNS?
Previous by thread: Re: Global PKI on DNS?
Next by thread: Re: Global PKI on DNS?
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: Global PKI on DNS?

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.