[OpenID] OpenID as a PKI facilitator

Dick Hardt dick at sxip.com
Sat Apr 7 14:29:12 UTC 2007


On 7-Apr-07, at 3:53 AM, Ben Laurie wrote:

> On 4/7/07, Dick Hardt <dick at sxip.com> wrote:
>> Hmmm ... that is not how I understood it worked from talking to Ben
>> Laurie.
>>
>> Ben: would seem pretty heavy if a zone file was needed to store a key
>> in a record. Is this true?
>
> No. But nor is that what David said: he said a separate zone was
> needed for each signing key. Which is true.
>
> What I can't figure out from what has been written in this thread is what
> exactly you are trying to do, or why it would involve multiple signing
> keys - from what I'm reading, you want to publish a key per user,
> signed by some authority, which you can do in a single zone. But I'm
> guessing wildly.

Your guess is what we were talking about. How do you publish a key
for the user, where each user is represented by a different DNS record?

dick.pip.verisignlabs.com and david.pip.verisignlabs.com would be  
able to be in the zone and hence use the signing key for  
pip.verisignlabs.com.

-- Dick
