On 02/01/2012 08:20 PM, Paul Lambert wrote:
> I may be looking at the back end of the elephant, but terms like "pinning"
> and such seem wrong. With a "key centric" view, the DNS address or other
> information are attributes that can be assigned to a key versus a name
> centric perspective that has multiple keys per name and may need pinning.

Maybe I'm misunderstanding what you're saying here, but the main "key
pinning" proposal seems name-centric to me, not key-centric. It's a way
for a peer with a name you've already authenticated some other way to
make assertions about what keys it will use to identify itself in the
future. So it's focused on the persistence of the peer's name, and keys
are just a mechanism to demonstrate that persistence. I think that's a
good thing. Are you seeing it some other way?

--dkg

_______________________________________________
therightkey mailing list
therightkey@ietf.org
https://www.ietf.org/mailman/listinfo/therightkey