Re: Global PKI on DNS?

2002-06-11 Thread Ben Laurie
Bill Sommerfeld wrote: >> As others have pointed out, the DNS already has the capability >> to store certs. So you could use the DNS as a publication >> method. But is this the only thing a PKI needs? How would >> one revoke a cert that was in the DNS? How can you update >

Re: Global PKI on DNS?

2002-06-12 Thread Ben Laurie
Keith Moore wrote: >>>Nearly all of the major IETF security protocols (TLS, IPsec, OpenPGP) >>>already have their own certificate discovery mechanism and therefore >>>have no need to have certificates in the DNS. TLS, in particular, >>>wouldn't know what to do with them if they were there. >> >>Th

Re: LC comments on draft-laurie-pki-sunlight-05

2013-01-09 Thread Ben Laurie
On 1 January 2013 21:50, =JeffH wrote: > Hi, > > Here are some last call comments on draft-laurie-pki-sunlight-05. > > Overall the spec is in basically overall reasonable shape but I do have some > substantive comments that if I'm not totally misunderstanding things (which > could be the case) oug

Re: [therightkey] Fwd: Re: Last Call: (Certificate Transparency) to Experimental RFC

2013-01-14 Thread Ben Laurie
On 14 January 2013 11:30, Stephen Farrell wrote: > > FYI. Some comments sent just to the IETF list. Please > respond there. > > Thanks, > S. > > > Original Message > Subject: Re: Last Call: (Certificate > Transparency) to Experimental RFC > Date: Thu, 10 Jan 2013 09:10:32 -0800

Re: LC comments on draft-laurie-pki-sunlight-05

2013-01-25 Thread Ben Laurie
Apologies for responding to recent comments in random order: I'm travelling and have accumulated something of a backlog. On 22 January 2013 03:11, =JeffH wrote: > apologies for latency, many meetings and a conference in the last couple of > weeks. > > BenL replied: >> On 1 January 2013 21:50, =Je

Re: LC comments on draft-laurie-pki-sunlight-05 - "acceptable root certificates" ?

2013-01-29 Thread Ben Laurie
On 22 January 2013 21:44, =JeffH wrote: > > 3.1. Log Entries Anyone can submit a certificate to any log. In order to enable attribution of each logged certificate to its issuer, the log SHALL publish a list of acceptable root certificates (this list might

Re: LC comments on draft-laurie-pki-sunlight-05 - "acceptable root certificates" ?

2013-01-29 Thread Ben Laurie
On 28 January 2013 22:41, =JeffH wrote: >> Apologies for responding to recent comments in random order: I'm >> travelling and have accumulated something of a backlog. > > no worries :) > > thx again for your thoughts. > > > BenL replied: >> On 22 January 2013 03:11, =JeffH wrote: > > - is

Re: [therightkey] LC comments on draft-laurie-pki-sunlight-05

2013-02-16 Thread Ben Laurie
On 16 February 2013 10:22, Phillip Hallam-Baker wrote: > Sorry for the delay but I have been thinking of CT and in particular the > issues of > > * Latency for the CA waiting for a notary server to respond > * Business models for notary servers > > As a rule open source software works really well

Re: [therightkey] LC comments on draft-laurie-pki-sunlight-05

2013-02-22 Thread Ben Laurie
On 17 February 2013 00:24, Phillip Hallam-Baker wrote: > > > On Sat, Feb 16, 2013 at 1:55 PM, Ben Laurie wrote: >> >> On 16 February 2013 10:22, Phillip Hallam-Baker wrote: >> > Sorry for the delay but I have been thinking of CT and in particular the >> >

Re: [Fwd: I-D Action: draft-carpenter-prismatic-reflections-00.txt]

2013-09-23 Thread Ben Laurie
On 21 September 2013 06:02, SM wrote: > Hi Brian, > > At 21:54 19-09-2013, Brian E Carpenter wrote: >> >> I got my arm slightly twisted to produce the attached: a simple >> concatenation of some of the actionable suggestions made in the >> discussion of PRISM and Bruce Schneier's call for action.