On Fri, Mar 13, 2015 at 1:54 PM, John Levine <[email protected]> wrote:
> I'm trying to imagine a situation where one security admin assigns PGP
> keys, a different one assigns S/MIME keys for the same users, and they
> hate each other so much that they need to use separate DNS
> provisioning systems.

You obviously haven't had the fun of big corporate environments. They might not even know who each other are, let alone trust each other. And, there may be anti-social-engineering reasons that they are not allowed to trust each other.

FWIW, I doubt very much that PGP keys are assigned by a security admin.

> Then I try to imagine how those same two admins
> nonetheless manage to get both sets of keys into the same MUAs.

If you have to get public keys INTO the MUA, you are (by definition) not using DNS. The entire point of these proposals is publishing and querying/discovery via DNS.

Or are you thinking private keys? For PGP and S/MIME, I believe those are apples & oranges.

Again, it is the MUA developer's responsibility to make them both work, and I expect a "pull" model vs a "push" model.

Brian
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
