Re: Global PKI on DNS?

To: Franck Martin <franck at SOPAC.ORG>
Subject: Re: Global PKI on DNS?
From: Valdis.Kletnieks at vt.edu
Date: Fri, 07 Jun 2002 22:27:10 -0400
Cc: openssl-users at openssl.org, ietf at ietf.org, isdf at isoc.org
In-reply-to: Your message of "Sat, 08 Jun 2002 13:22:28 -0000." <1023542548.17232.30.camel@flinux.sopac.org.fj>
References: <B9266DC7.69C5%brian@balancesoftware.com> <1023542548.17232.30.camel@flinux.sopac.org.fj>
Sender: owner-ietf at ietf.org

On Sat, 08 Jun 2002 13:22:28 -0000, Franck Martin said:

> I was wondering if the best system to build a global PKI wouldn't be the
> DNS system already in place?

No.

1) There's *NOT* a good mapping between the DNS and LDAP (hint - DN=, O=,
and OU+ can be at the same level...)

2) DNS has to be *FAST*, especially at the root - we're talking on the
order of 200K queries a *SECOND*.  You figure out how to do that while
also tossing certificates around, let us know...
-- 
				Valdis Kletnieks
				Computer Systems Senior Engineer
				Virginia Tech

Attachment: pgpHUlIY4X5mU.pgp
Description: PGP signature

Follow-Ups:
- Re: Global PKI on DNS?
  - From: Fred Baker
- Re: Global PKI on DNS?
  - From: David Conrad
- Re: Global PKI on DNS?
  - From: Franck Martin

References:
- Global PKI on DNS?
  - From: Franck Martin

Prev by Date: Global PKI on DNS?
Next by Date: Re: Global PKI on DNS?
Previous by thread: Global PKI on DNS?
Next by thread: Re: Global PKI on DNS?
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: Global PKI on DNS?

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.