[Cryptography] Preliminary review of the other Applied Cryptography

Thu Apr 10 13:16:16 EDT 2014

On Wed, Apr 09, 2014 at 11:48:04PM -0700, David Conrad wrote:

> More interestingly, DNSSEC can potentially provide a basis for an
> alternative PKI to the X.509 PKI. I personally would see that as a positive.

It is interesting to note that the subject and issuer DNs in the
original X.509 PKI where supposed to be delivered via an-online
global X.500 directory.  The fact that no such directory ever got
deployed is a signficant part of the many issues with X.509.

DANE is an attempt to put the distributed directory back into the
Internet PKI.  Time will tell whether it will succeed or fizzle.

-- 
	Viktor.