
Re: [resend] Use of DNS to distribute keys



> kaufman@zk3.dec.com says:
> > This discussion came late to pem-dev, and it could be I'm missing some
> > crucial context.  But let me throw in some thoughts:
> > 
> > 1) There is little to be gained by storing certificates of on-line
> > entities in DNS because it is just as easy to ask the entity for its
> > certificate(s).
> 
> But HOW do you ask the entities for their certificates? DNS is a nice
> existing mechanism by which you can do the asking.

It should also be noted that, in doing so, the entire DNS tree need not
be so secure.

If some leaf host needs some security level, only the upper level name
servers of the DNS tree need to be as secure as the leaf host.

						Masataka Ohta

