Support for public-key infrastructures in DNS
Traditionally, publicly available repositories of certificates offer the usual response to the problem of public key distribution. After issuing a public-key certificate a certification authority (CA) - in the frame of a particular public-key infrastructure (PKI) - will store and publish that certificate in a repository so that, at a later moment, end-users can search, find and retrieve public-key certificates. A known and still persisting drawback of this approach is that these repositories are not interconnected between each other on an Internet scale, therefore the search and retrieving of certificates on a wider scale turns out to be very difficult. In this scenario, end-users are supposed to know the Internet location of the repository before actually starting the procedure of search and retrieval. Currently, there are no means to perform automatic discovery of authoritative repositories for a particular certificate using as a search-key some information identifying an Internet entity. In this paper, we try to describe a different approach for solving the key distribution problem. This solution takes into account an already existing Internet-wide infrastructure: the domain name system (DNS).
READ FULL TEXT