[dns-operations] Vista and the PNRP protocol
Stephane Bortzmeyer
bortzmeyer at nic.fr
Thu Nov 9 10:49:03 UTC 2006
On Thu, Nov 09, 2006 at 10:41:17AM +0000,
Jeroen Massar <jeroen at unfix.org> wrote
a message of 41 lines which said:
> One fundamental thing is that there is no 'root' as such a trusted
> delegation can never exist and you will never know if the resource
> you are trying to access is really the one you want
The way I read the (very incomplete) description of the protocol in
the white paper, you can have a trusted delegation if you trust the
crypto certificate that signed the PNRP ID. I assume Vista will come
with several pre-installed certificates. So, there is a trusted
delegation and a trust model, which seems more X509 than DNS to
me. You can compare that with DNSSEC + DLV :-)
More information about the dns-operations
mailing list