[OpenID] OpenID as a PKI facilitator

Recordon, David drecordon at verisign.com
Sat Apr 7 16:22:10 UTC 2007


Ah, now I see our disconnect.  I thought "dick" and "david" had different keys as per the DTP discussion.

--David


 -----Original Message-----
From: 	Dick Hardt [mailto:dick at sxip.com]
Sent:	Saturday, April 07, 2007 07:30 AM Pacific Standard Time
To:	Ben Laurie
Cc:	OpenID General
Subject:	Re: [OpenID] OpenID as a PKI facilitator


On 7-Apr-07, at 3:53 AM, Ben Laurie wrote:

> On 4/7/07, Dick Hardt <dick at sxip.com> wrote:
>> Hmmm ... that is not how I understood it worked from talking to  
>> Ben Laurie.
>>
>> Ben: would seem pretty heavy if a zone file was needed to store a
>> key in a record. Is this true?
>
> No. But nor is that what David said: he said a separate zone was
> needed for each signing key. Which is true.
>
> What I can't figure out from what has been written in this thread is what
> exactly you are trying to do, or why it would involve multiple signing
> keys - from what I'm reading, you want to publish a key per user,
> signed by some authority, which you can do in a single zone. But I'm
> guessing wildly.

Your guess is what we were talking about. How do you publish a key
for the user, where each user is represented by a different DNS record?

dick.pip.verisignlabs.com and david.pip.verisignlabs.com would be  
able to be in the zone and hence use the signing key for  
pip.verisignlabs.com.

-- Dick
