X.509 / PKI, PGP, and IBE Secure Email Technologies
James A. Donald
jamesd at echeque.com
Mon Dec 26 12:37:00 EST 2005
--
From: Anne & Lynn Wheeler
<lynn at garlic.com>
> as part of various integrity issues related to that
> process, there has been a proposal, somewhat backed by
> the ssl domain name certification authority industry
> that domain name owners also register a public key
> with the domain name infrastructure (in addition to
> identificaiton information). then future communcation
> can be digitally signed and verified with the onfile
> public key. also the ssl domain name certification
> authority industry can require that ssl domain name
> certificate applications be digitally signed. then the
> certification authority can replace the expensive,
> time-consuming, and error-prone identification
> matching process with a much less-expensive and
> efficient authentication process by doing a real-time
> retrieval of the on-file publickey from the domain
> name infrastructure for verifying the digital
> signature (in lieu of doing a real-time retrieval of
> the on-file identificaiton information for the
> expensive, time-consuming and error-prone
> identification matching).
Unfortunately most domain name registrars take a
completely irresponsible attitude to domain name theft,
despite the fact that domain name theft is a major
problem. OpenSRS is good but their resellers a very
bad. Unfortunately by default, one winds up having the
same password with OpenSRS as with the reseller.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
LA7xNzxuTFoXA1ir8b2UWqPg/P6NhF+naIs34+LG
49FONv1xLEWSjg/TiZ8oHGLHyCAhQLOM7CzPNCuTD
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list