dnsext-3----Page:18
1  2  3  4  5  6  7  8  9  10  11  12  13  14  15  16  17  18  19  20  21 

“Trust Anchors”
msj: several individual TAs
need explicit revoke to protect against single key compromise
“traditional” semantics for trust (any one key is fine)
johani: one “aggregated” TA (an aggregate of several keys)
no need for explicit revoke
more complex semantics for “when to trust” (an update) - “M of N”
PPT Version