Hacker News new | ask | show | jobs
by nick-garfield 2199 days ago
What do you mean by DNS-based PKI? That sounds interesting, but I can't quite visualize what that is.
2 comments
cryptonector 2199 days ago
There are two options:

  - registries and registrars run name-constrained CAs

  - DNSSEC/DANE (RFC 6698 https://tools.ietf.org/html/rfc6698)
link
dogma1138 2199 days ago
I’m guessing using CERT resource records, that however doesn’t solve how you establish the chain of trust really.
link