>>>>> "Robert" == Robert Elz <kre at munnari.OZ.AU> writes:
Robert> There's a simple reason why the DNS isn't suitable as a PKI,
Robert> and it has nothing to do with transitivity of trust, and nothing
Robert> to do with DNS packet size limitations, or root server workloads.
Robert> It is that DNS admins did not sign on for the job of authenticating
Robert> anything (with the possible exception of the DNS itself). That's
Robert> not what they do, and for most DNS admins & operators isn't something
Robert> they have any interest in doing.

Okay, so they won't do that, and they won't secure their zones, or provide
keys in their zones.

Don't tell *me* what I can and can't do.

] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr at sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.