[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
DNS names
-----BEGIN PGP SIGNED MESSAGE-----
At 06:57 PM 8/16/97 -0400, Michael Richardson wrote:
> I think that we might express something like:
> hosts like: *.sandelman.ottawa.on.ca
The use of names like sandelman.ottawa.on.ca to stand for (ref: DNS!! ca on
ottawa sandelman) was a feature of SDSI 1.0, I believe, and was considered
too much of a complication for SPKI.
> as a SDSI group. Are the members of the group defined as being part
>of
> (name DNS Canada Ontario Ottawa Sandelman))
It would be (name (hash ...) ca on ottawa sandelman) where the (hash ...) is
that of the DNS root key. Alternatively, you could define your own name
"DNS" as that key and use the construct
(name DNS ca on ottawa sandelman)
inside a (subject ...) where relative names are allowed. Otherwise, it
would be
(name (hash ...) DNS ca on ottawa sandelman).
This all assumes DNSSEC signed keys are given as SPKI/SDSI certs (or as
something else we can map into 5-tuples, which is a pretty sure bet).
- Carl
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQCVAwUBNAL6u1QXJENzYr45AQGD3QP+L/ttM1+2u+MPIBDchnpXQ5LnKJ+V1wsh
OKLRTWRxNYDQDqXhx3psRfeBmsHrkGvI/uHtDn5mw1fbzUdQijontdpmWWzQWP0i
qIhHG9rqZWYxGEDdwyK+gdPBhq/YRQcXQ6oaXggaT/eYoYr7nWULLn6DUeqk3laG
dxIwcstNe4U=
=pxXv
-----END PGP SIGNATURE-----
+------------------------------------------------------------------+
|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
|CyberCash, Inc. http://www.cybercash.com/ |
|207 Grindall Street PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 |
+------------------------------------------------------------------+
References: