Re: Global PKI on DNS?

To: Stephen Kent <kent at bbn.com>
Subject: Re: Global PKI on DNS?
From: Keith Moore <moore at cs.utk.edu>
Date: Thu, 13 Jun 2002 14:47:07 -0400
Cc: Keith Moore <moore at cs.utk.edu>, Einar Stefferud <stef at nma.com>, ietf <ietf at ietf.org>
In-reply-to: (Your message of "Thu, 13 Jun 2002 14:15:42 EDT.") <p0510030ab92e8f4fdda2@[128.89.88.34]>
Sender: owner-ietf at ietf.org

> A modest, realistic ambition for a DNS-based PKI would be to improve
> the security of the binding between DNS entries and the associated
> machines

yes, I think this is right.  it eliminates some kinds of threats. but 
it still doesn't guarantee that you're talking to the service you think 
you're talking to. and that's a difficult distinction to communicate 
to users.

that and putting this much trust in the registries makes them very
attractive targets.

Keith

Follow-Ups:
- Re: Global PKI on DNS?
  - From: Stephen Kent

References:
- Re: Global PKI on DNS?
  - From: Stephen Kent

Prev by Date: Re: Global PKI on DNS?
Next by Date: Re: Global PKI on DNS?
Previous by thread: Re: Global PKI on DNS?
Next by thread: Re: Global PKI on DNS?
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: Global PKI on DNS?

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.