[dns-operations] Vista and the PNRP protocol

Stephane Bortzmeyer bortzmeyer at nic.fr
Thu Nov 9 10:49:03 UTC 2006

On Thu, Nov 09, 2006 at 10:41:17AM +0000,
 Jeroen Massar <jeroen at unfix.org> wrote 
 a message of 41 lines which said:

> One fundamental thing is that there is no 'root' as such a trusted
> delegation can never exist and you will never know if the resource
> you are trying to access is really the one you want

The way I read the (very incomplete) description of the protocol in
the white paper, you can have a trusted delegation if you trust the
crypto certificate that signed the PNRP ID. I assume Vista will come
with several pre-installed certificates. So, there is a trusted
delegation and a trust model, which seems more X509 than DNS to
me. You can compare that with DNSSEC + DLV :-)

More information about the dns-operations mailing list