On 20 Sep 2013, at 14:55, Phillip Hallam-Baker <hal...@gmail.com> wrote:
> On Fri, Sep 20, 2013 at 4:36 AM, Dirk-Willem van Gulik <di...@webweaving.org> wrote:
>
> On 19 Sep 2013, at 19:15, Phillip Hallam-Baker <hal...@gmail.com> wrote:
>
> > Let us say I want to send an email to al...@example.com securely.
> ...
> > ppid:al...@example.com:example.net:Syd6BMXje5DLqHhYSpQswhPcvDXj+8rK9LaonAfcNWM
> … ...
> <id>.<ns>.<namespace>.fqdn-in-some-tld.
>
> which is in fact a first-come, first-served secure dynamic dns updatable zone containing the public key.
>
> Which once created allows only updating to those (still) having the private key of the public key that signed the initial claim of that <id>.
>
> Interesting, though I suspect this is attempting to meet different trust requirements than I am.

Most likely. The aim was not so much to secure an entry - but to provide a sufficiently solid bread-crumb trail to the information which could be used to do so; to be able to use both 'trust on first contact' -or- a trust chain; and to provide 'low cost' yet very robust pillars that can be managed by 'untrusted' parties.

Or in other words - the design focused more on a workable trust infrastructure with the governance pushed as close to the (end) user as possible; at the expense of some 'absolute default' trust (absolute as in the sort of trust you'd get by default from 'some deity/government/big-mega-corp says I am good/interacting with a legal entity').

Dw.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography