Shouldnt we have this discussion in keydist instead? I know keydist isnt a
working group yet but we do have a list for such discussion...
-James Seng
[EMAIL PROTECTED] wrote:
on 6/8/2002 8:22 AM Franck Martin said the following:
I was wondering if the best system to build a global PKI
I have no doubt some of the concerns are very real (others are red herrings) .
The question is whether we have a solution that have rough consensus or not to
address these valid concerns.
When we have acceptable solutions to these concerns, then we can discuss them.
-James Seng
Gee, maybe
I was wondering if the best system to build a global PKI wouldn't be the
DNS system already in place?
A global PKI is a Bad Idea. Nobody is sufficiently trustworthy to be the
root CA.
Keith
Correction: A single global rooted PKI is a bad idea, a single global (in
the namespace sense, not a single system) PKI database where we can look up
certificates is a good idea.
At 07:39 PM 6/9/2002 -0400, Keith Moore wrote:
I was wondering if the best system to build a global PKI
Correction: A single global rooted PKI is a bad idea, a single global (in
the namespace sense, not a single system) PKI database where we can look up
certificates is a good idea.
assuming that you can keep the folks who control the TLDs from trying
to sell themselves as authoritative CAs for
On Sun, 09 Jun 2002 20:57:58 EDT, Keith Moore said:
assuming that you can keep the folks who control the TLDs from trying
to sell themselves as authoritative CAs for those TLDs, I mostly agree.
Unfortunately, Zymyrgy's Law of Evolving Thermodynamics applies here.
The worms are out of the
On Sun, 09 Jun 2002 21:36:08 EDT, Keith Moore said:
Unfortunately, Zymyrgy's Law of Evolving Thermodynamics applies here.
The worms are out of the can, and I suggest anybody who wants to fight
this battle order at least a 4-sizes-larger can
these particular worms are still in the