[OpenID] OpenID as a PKI facilitator
Recordon, David
drecordon at verisign.com
Sat Apr 7 16:22:10 UTC 2007
Ah, now I see our disconnect. I thought "dick" and "david" had different keys as per the DTP discussion.
--David
-----Original Message-----
From: Dick Hardt [mailto:dick at sxip.com]
Sent: Saturday, April 07, 2007 07:30 AM Pacific Standard Time
To: Ben Laurie
Cc: OpenID General
Subject: Re: [OpenID] OpenID as a PKI facilitator
On 7-Apr-07, at 3:53 AM, Ben Laurie wrote:
> On 4/7/07, Dick Hardt <dick at sxip.com> wrote:
>> Hmmm ... that is not how I understood it worked from talking to
>> Ben Laurie.
>>
>> Ben: would seem pretty heavy if zone file was needed to store a key in a
>> record. Is this true?
>
> No. But nor is that what David said: he said a separate zone was
> needed for each signing key. Which is true.
>
> What I can't figure out from what has been written in this thread is what
> exactly you are trying to do, or why it would involve multiple signing
> keys - from what I'm reading, you want to publish a key per user,
> signed by some authority, which you can do in a single zone. But I'm
> guessing wildly.
Your guess is what we were talking about. How do you publish a key
for the user, where each user is represented by a different DNS record?
dick.pip.verisignlabs.com and david.pip.verisignlabs.com would be
able to be in the zone and hence use the signing key for
pip.verisignlabs.com.
-- Dick