[OpenID] OpenID as a PKI facilitator
Ben Laurie
benl at google.com
Sat Apr 7 17:01:04 UTC 2007
On 4/7/07, Recordon, David <drecordon at verisign.com> wrote:
>
> Ah, now I see our disconnect. I thought "dick" and "david" had different
> keys as per the DTP discussion.
Obviously they have different keys. You've lost me. What is DTP?
>
> --David
>
>
> -----Original Message-----
> From: Dick Hardt [mailto:dick at sxip.com]
> Sent: Saturday, April 07, 2007 07:30 AM Pacific Standard Time
> To: Ben Laurie
> Cc: OpenID General
> Subject: Re: [OpenID] OpenID as a PKI facilitator
>
>
> On 7-Apr-07, at 3:53 AM, Ben Laurie wrote:
>
> > On 4/7/07, Dick Hardt <dick at sxip.com> wrote:
> >> Hmmm ... that is not how I understood it worked from talking to
> >> Ben Laurie.
> >>
> >> Ben: would seem pretty heavy if zone file was needed to store a
> >> key in a
> >> record. Is this true?
> >
> > No. But nor is that what David said: he said a separate zone was
> > needed for each signing key. Which is true.
> >
> > What I can't figure out from what has been written in this thread is what
> > exactly you are trying to do, or why it would involve multiple signing
> > keys - from what I'm reading, you want to publish a key per user,
> > signed by some authority, which you can do in a single zone. But I'm
> > guessing wildly.
>
> Your guess is what we were talking about. How do you publish a key
> for the user, where each user is represented by a different DNS record?
>
> dick.pip.verisignlabs.com and david.pip.verisignlabs.com would be
> able to be in the zone and hence use the signing key for
> pip.verisignlabs.com.
>
> -- Dick