> > At 09:57 AM 9/10/2003 -0700, [EMAIL PROTECTED] wrote:
> > ok... does anyone else want to "touch" a secured DNS system
> > that has some parts of the tree fully signed? It's a way to
> > get some empirical understanding of how interesting/hard
> > it is to hammer the DNS into a PKI-like thing.
> >
> > www.rs.net has some information.
>
> My assertion is 1) DNS integrity issues have to be addressed as part of
> generalized DNS trust issues .... regardless of any use for trusted
> distribution of information that may include public keys. 2) because domain
> name infrastructure is the root authority for CA/PKI SSL domain name
> certificates, there is a suggestion that public keys be registered as part
> of domain name registration (to fix trust issues in domain infrastructure
> on behalf of the CA/PKI industry). Being able to trust DNS ... and having
> registered public keys .... means that existing DNS information
> distribution operation can turn into trusted distribution of public keys
> (aka existing DNS infrastructure supports distribution of any information
> that happens to be registered).

Nice collection of URLs. Ack both your assertions.
RS.NET is a testbed that is being used to validate the accuracy
of those assertions and explore the operational and social impact
with the deployment of a DNS that can respond with information
which can be independently verified for accuracy.

--bill

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]