Implementing an SPKI Certificate Repository within the DNS

Tero Hasu and Yki Kortesniemi
Helsinki University of Technology,
Department of Computer Science,
FIN-02015 HUT, Espoo, Finland


Authorisation certificates can be used to grant access rights from the owner of a resource to other entities and then to further share these rights with others using delegation. However, when access decisions are made, the delegated rights will not be acknowledged unless all the certificates in the delegation chain are available for verification. In this paper we discuss some options for having the necessary certificates available when needed, talk about a proposed solution of storing part of the chain in the DNS, describe our implementation of a DNS based SPKI certificate repository and, finally, elaborate on its use.


author = "Tero Hasu and Yki Kortesniemi",
title = "Implementing an {SPKI} Certificate Repository within the {DNS}",
booktitle = {The Poster Papers Collection of International Workshop on
             Practice and Theory in Public Key Cryptography (PKC)},
address = {Melbourne, Australia},
month = Jan,
year = 2000