Re: Global PKI on DNS?

To: Franck Martin <franck at SOPAC.ORG>
Subject: Re: Global PKI on DNS?
From: "Steven M. Bellovin" <smb at research.att.com>
Date: Sat, 08 Jun 2002 09:22:54 -0400
Cc: James Pullicino <jamesp at vol.net.mt>, openssl-users at openssl.org, ietf at ietf.org, isdf at isoc.org
Sender: owner-ietf at ietf.org

In message <1023578283.18618.13.camel at flinux.sopac.org.fj>, Franck Martin write
s:
>
>--=-1oDXxRUK6t5l82vmGc/e
>Content-Type: text/plain
>Content-Transfer-Encoding: 7bit
>
>Here is a sample certificate... which is less than 2kB long...
>
>DNS protocol uses mainly udp, which I think can handle this size...
>
>You can know what it means by using the command (I think):
>

DNS packets are limited to 512 bytes.  Few MTUs are larger than 1500.

Anyway -- the concept is called "appkeys", and has been discussed in 
the dnsext working group.  Check the archives.

Oh yes -- x.509 isn't the only way to do certificates.

		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com ("Firewalls" book)

Follow-Ups:
- Re: Global PKI on DNS?
  - From: David Conrad
- Re: Global PKI on DNS?
  - From: Mats Dufberg

Prev by Date: Re: Global PKI on DNS?
Next by Date: Re: Global PKI on DNS?
Previous by thread: Re: Global PKI on DNS?
Next by thread: Re: Global PKI on DNS?
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: Global PKI on DNS?

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.