In message <[EMAIL PROTECTED]> on Thu, 13
Jun 2002 10:08:49 -0400, "John Stracke" <[EMAIL PROTECTED]> said:
jstracke> >The CERT extension to DNS allows to place there a URI, a
jstracke> >URI is smaller than a cert and stays in a udp packet.
jstracke>
jstracke> Bootstrap problem: how can you trust the results of the URI?
The same way I trust whatever certificate source I have; not at all.
But from a PKI point of view, that's beside the point, as long as you
can to path discovery and validation all the way between the
certificate I want to verify and a set of root certificates you trust.
So the bootstrap problem is the same regardless of your certificate
source: you need a set of trusted root certificates.
--
Richard Levitte \ Spannv�gen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
