[OpenID] OpenID as a PKI facilitator
Dick Hardt
dick at sxip.com
Sat Apr 7 14:29:12 UTC 2007
On 7-Apr-07, at 3:53 AM, Ben Laurie wrote:
> On 4/7/07, Dick Hardt <dick at sxip.com> wrote:
>> Hmmm ... that is not how I understood it worked from talking to
>> Ben Laurie.
>>
>> Ben: would seem pretty heavy if a zone file was needed to store a
>> key in a record. Is this true?
>
> No. But nor is that what David said: he said a separate zone was
> needed for each signing key. Which is true.
>
> What I can't figure out from what has been written in this thread is what
> exactly you are trying to do, or why it would involve multiple signing
> keys - from what I'm reading, you want to publish a key per user,
> signed by some authority, which you can do in a single zone. But I'm
> guessing wildly.
Your guess is what we were talking about. How do you publish a key
for the user, where each user is represented by a different DNS record?
dick.pip.verisignlabs.com and david.pip.verisignlabs.com would be
able to be in the zone and hence use the signing key for
pip.verisignlabs.com.
-- Dick