Re: Global PKI on DNS?

To: Peter Deutsch <pdeutsch at earthlink.net>
Subject: Re: Global PKI on DNS?
From: Keith Moore <moore at cs.utk.edu>
Date: Tue, 11 Jun 2002 20:08:05 -0400
Cc: John Stracke <jstracke at incentivesystems.com>, keydist at CAFAX.SE, ietf at ietf.org, isdf at isoc.org, openssl-users at openssl.org
In-reply-to: (Your message of "Tue, 11 Jun 2002 15:25:10 PDT.") <3D0678C6.972942FD@earthlink.net>
Sender: owner-ietf at ietf.org

> Somebody (I
> think it was Keith) suggested earlier in this thread that nobody should
> be trusted with the single PKI root. Maybe the same sentiment applies to
> DNS roots, as well?? 

no, it doesn't follow at all.    you need a unique root (of some kind) to 
prevent name conflicts - mutual self-interest among competitors does not
suffice to do that.  

OTOH a distinguished root CA is a Very Bad Idea.

Keith

Follow-Ups:
- Re: Global PKI on DNS?
  - From: Peter Deutsch

References:
- Re: Global PKI on DNS?
  - From: Peter Deutsch

Prev by Date: Re: Global PKI on DNS?
Next by Date: RE: modems
Previous by thread: Re: Global PKI on DNS?
Next by thread: Re: Global PKI on DNS?
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: Global PKI on DNS?

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.