17 Dec 2003, 11:17 p.m.
sdw@lig.net (Stephen D. Williams) wrote:
> I really like the idea of using DNS for (public I assume) keys...
I don't. Public keys in the DNS is a bad idea because it makes it difficult to update the database, especially in large organizations. When a host's key is issued or changed then they would have to get the nameserver admin to change it for them. This could become a major problem/inconvenience for many, many people. The host should be able to give its own key in response to a query. That key could, of course, be signed by any number of trusted signators to guarantee authenticity.