On 13 August 2012 20:04, Michael Richardson <mcr+i...@sandelman.ca> wrote:
> ...
> which would permit you to validate who I am, even though neither of
> have connectivity at the time.. I would cache my DNSSEC path, and of
> course, we each would already have the root DNSSEC key. (no different
> than how PKIX works...)
>
> I see signposts as being additional local trust anchors that can be
> used.

yes, i think we would too :)

specifically: in the "common case" we'd envisage that each person would have at least one publicly visible signpost, probably hosted in the cloud (whether or not operated directly by them, or through some "signpost-as-a-service" provider) unless they have suitable local resources.

but we have certainly discussed supporting suitable state replication/caching among signpost instances so that any locally-connected collection of signpost-enabled clients can do all of this without recourse to the public internet (e.g., for cases where you still want to be able to interconnect your own devices and you're travelling, or you're at home and your broadband uplink has gone down).

--
Richard Mortier
m...@cantab.net
_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet