[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [resend] Use of DNS to distribute keys



> That was not my question.  My question was
> 
>          What assurance features or mechanisms are going to be used
>          throughout the DNS that will make all of us trust all of
>          those servers for all of our applications?

It doesn't matter.  You take the certificate you get back from the
server and do a cryptographic check back to the root key.  That is a
known problem (How do you trust a key that someone sends to you in the
mail anyways?  Same method!)

The biggest problem, currently, is getting DNS to deliver such large
pieces of data.  That seems to be the more pressing problem.  We
solved certificate verification in the creation of certificates.

-derek

         Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory
     Secretary, MIT Student Information Processing Board (SIPB)
            warlord@MIT.EDU       PP-ASEL        N1NWH



Follow-Ups: References: