Re: Global PKI on DNS?

[EMAIL PROTECTED] said: >On Fri, 14 Jun 2002 10:52:47 +1200, Franck Martin <[EMAIL PROTECTED]> said: > > > Ideally, we should rate each CA in our applications and the application > > should give us a level of risk... >> >>Hey.. it's the PGP Web of Trust. ;) >> >>Content-Type: application/pgp-s

Re: LDAP info

At 08:48 PM 2002-06-13, Frank Ferrante wrote: > >http://www.umich.edu/~dirsvcs/ldap/doc/rfc/rfc1777.txt > Ugh. Suggest you read "LDAPv2 to Historic Status" . This I-D has been submitted for IESG consideration... been through IETF Last Ca

Re: LDAP info

Title: Message  http://www.umich.edu/~dirsvcs/ldap/doc/rfc/rfc1777.txt Frank - Original Message - From: Maneesh_Sharma To: [EMAIL PROTECTED] Sent: Thursday, June 13, 2002 11:14 PM Subject: LDAP info Hi,   does anybody have any document or can tell me a site

LDAP info

Title: Message Hi,   does anybody have any document or can tell me a site where I can get the complete information regarding LDAP. I want to know the basics of LDAP. Any info in this regard will be very useful for me. RegardsManeesh SharmaEngineer Networking--N

Re: Global PKI on DNS?

On Fri, 14 Jun 2002 10:52:47 +1200, Franck Martin <[EMAIL PROTECTED]> said: > Ideally, we should rate each CA in our applications and the application > should give us a level of risk... Hey.. it's the PGP Web of Trust. ;) msg08597/pgp0.pgp Description: PGP signature

RE: Global PKI on DNS?

At 5:14 PM -0500 6/13/02, VILLARREAL, STEVE (SBC-MSI) wrote: >You gents have too much time on your hands. this list should be >used as a means to assist with questions regarding technologies ... >not used as a forum for posturing > Really? Here's the scoop from http://ww

Re: RE: Global PKI on DNS?

If some cretin p8s your domain name away from your IP then when some1 request the pubic pki from that domain they will get bogus info. and the transaction will abort. now if the same pki info was on DNS, they still get good and transact with the cretin instead of u. that info need be on your

RE: Global PKI on DNS?

on www.example.com being squatted, the problem is the squatter does not get the private key, so yes it has a certificate with a public key, but everybody does... To use the certificate, he will have to regenerate a private key, which means a new certificate and expiring the old one. The question

RE: Global PKI on DNS?

You gents have way too much time on your hands. this list should be used as a means to assist with questions regarding technologies ... not used as a forum for posturing -Original Message- From: Christian Huitema [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 13, 2002 2:52 PM To:

Re: Global PKI on DNS?

At 2:15 PM -0400 6/13/02, Stephen Kent wrote: [snip]... [snip]... [snip]... [snip]... [snip]... [snip]... [snip]... [snip]... > >You are the one who keeps saying that trust is transitive. I'm the >one saying that it's not, and that a DNS-based PKI does not imply >transitive trust. > >constructi

RE: Global PKI on DNS?

> > > A PKI modeled on the DNS would parallel > > > the existing hierarchy and merely codify the > relationships expressed > > > by it in the form of public key certs. > > > > so what you're saying is that the cert would mean something like: > > ;-) actually, to a lawyer, a PKI cert says someth

Re: Global PKI on DNS?

Of all the gin joints in all the towns in all the world, Stephen Kent had to walk into mine and say: > > Why does everyone keep thinking that explicit trust is an essential > element of every PKI? If the reasonably intelligent, technically skilled persons in the IETF can't "get it", what makes

Re: Global PKI on DNS?

Keith Moore wrote: > > A PKI modeled on the DNS would parallel > > the existing hierarchy and merely codify the relationships expressed > > by it in the form of public key certs. > > so what you're saying is that the cert would mean something like: ;-) actually, to a lawyer, a PKI cert says so

Re: Global PKI on DNS?

> A modest, realistic ambition for a DNS-based PKI would be to improve > the security of the binding between DNS entries and the associated > machines yes, I think this is right. it eliminates some kinds of threats. but it still doesn't guarantee that you're talking to the service you think yo

Level 3

Hi, Is there a network status page for level 3? Their website seems a bit off today. Thanks much, Jane begin:vcard n:Pawlukiewicz;Jane tel;cell:703 517-2591 tel;fax:703 289-5814 tel;work:703 289-5307 x-mozilla-html:FALSE org:Booz Allen Hamilton;Visit us on the Internet: http://boozallen.com";

Re: Global PKI on DNS?

> A PKI modeled on the DNS would parallel > the existing hierarchy and merely codify the relationships expressed > by it in the form of public key certs. so what you're saying is that the cert would mean something like: "we certify that this key was supplied by a party who gave us money in excha

a nit, Re: Global PKI on DNS?

Stef's point that PKI cannot represent trust relationships is deflected -- but not denied -- by Kent. Does this mean that we can have a global PKI on DNS? No. I believe that Kent is right when he says that PKI deals with a chain of authority, not a chain of trust. This may seem to be an arcane

Re: Global PKI on DNS?

I understand clearly about chains of authority and about the lack of trust transitivity. What makes a DNS delegation of naming zone authority into a trust transitivity vehicle. Why should I trust VeriSign to vouch for my reasons to trust you? When you turn out to have a bogus CERT, after I ha

Re: Regarding MIBs

> On Thu, 13 Jun 2002 17:47:37 +0530, "Chandra Shekar Reddy Challagonda" ><[EMAIL PROTECTED]> said: Chandra> We have register our MIB to get the OID. What my question Chandra> was that, where I can register that. Hope you got my Chandra> question. http://www.iana.org will let you register

Re: Regarding MIBs

> I am involved in generation of MIBs for SNMP for experimental > purpose. Can any one tell me about how to get an Object Identifier > for the MIB which I want to generate. [...] You can obtain a "Private Enterprise Number" at IANA: http://www.iana.org/cgi-bin/enterprise.pl Then you can build

Re: postings to ietf mailing lists

On Wednesday, June 12, 2002, at 01:15 , Bill Strahm wrote: > Can't say about other maillist software, but the software that runs the > @ietf.org lists allows this, you can subscribe from as many addresses as > you want, and only get mail sent to a single address... Hi, Someone here sho

RE: Global PKI on DNS?

>The CERT extension to DNS allows to place there a URI, a URI is smaller than >a cert and stays in a udp packet. Bootstrap problem: how can you trust the results of the URI? /=\ |John Stracke|Principal Engineer

RE: modems

Just a note.. It's interesting how long a thread a troll managed create with his little flamebait :-) -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown o

Re: Global PKI on DNS?

At 10:42 PM -0700 6/12/02, Einar Stefferud wrote: >May I suggest that someone do a little work on proving the trust is >transitive, as that is what this is really all about, and if it >turns out that trust in not transitive, then what was the point? > >Maybe if you ask Google about trust transit

Re: Regarding MIBs

On Thursday, June 13, 2002, at 08:17 , Chandra Shekar Reddy Challagonda wrote: > What my question was that, where I can register that ? Check with IANA. You are looking for an OID in the Enterprises area of the MIB heirarchy. See the IANA Web page (http://www.iana.org) for the proced

RE: Regarding MIBs

Craig, Check out a book called "The Simple Book - An Introduction to Management of TCP/IP based internets" by Marshall T. Rose. Steven Levey -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Chandra Shekar Reddy Challagonda Sent: Thursday, June 13, 2002

Re: Regarding MIBs

Hi Craig Thanks for your reply. No I am not talking about any GUI things. I am talking about getting OID (Object Identifier) for MIBs (Management Information Base) which will be used between the network elements by SNMP (Simple Network Management Protocol). Its related to Network rather than GUI

Re: Regarding MIBs

Chandra-- If I understand you correctly, you should be able to go to http://www.download.com and find one there. I have some shareware ones on my hard drive. When I can dig it up. I'll send you a copy. That is if I'm understanding you correctly. :-) Are you talking about a GUI of sorts? Cr

Regarding MIBs

Hi I am involved in generation of MIBs for SNMP for experimental purpose.  Can any one tell me about how to get an Object Identifier for the MIB which I want to generate.  Any information provided in this regard will be very useful for me.   Thanks Chandra