Re: Global PKI on DNS?

On Jun 8, 2002, 09:22 (-0400) Steven M. Bellovin <smb at research.att.com> wrote:

> >Here is a sample certificate... which is less than 2kB long...
> >
> >DNS protocol uses mainly udp, which I think can handle this size...
> >
> >You can know what it means by using the command (I think):
> >
>
> DNS packets are limited to 512 bytes.  Few MTUs are larger than 1500.

If the response requires a larger packet, the query has to be repeated
with TCP, which is more costly.

> Anyway -- the concept is called "appkeys", and has been discussed in
> the dnsext working group.  Check the archives.
>
> Oh yes -- x.509 isn't the only way to do certificates.

For certificates you could use CERT records.



Mats

----------------------------------------------------------------------
Mats Dufberg <dufberg at nic-se.se>
----------------------------------------------------------------------
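
Added example, not part of the original message: a Python sketch of the exchange discussed above, in which a roughly 2 kB certificate in a CERT record exceeds the 512-byte UDP limit, the UDP reply comes back with the TC bit set, and the client has to repeat the query over TCP. The function names, `example.com`, the zero-filled stand-in certificate, and the key tag and algorithm values are assumptions made for illustration; the message carries a single question.

```python
import struct

MAX_UDP_DNS = 512        # DNS-over-UDP message limit quoted in the thread
TYPE_CERT, CLASS_IN = 37, 1
FLAG_QR, FLAG_TC = 0x8000, 0x0200

def encode_name(name):   # length-prefixed labels, no compression
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label length")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_cert_response(msg_id, qname, cert):
    """Complete response with one CERT RR holding `cert`."""
    if len(cert) > 0xFFFF - 5:
        raise ValueError("certificate does not fit in one RR")
    question = encode_name(qname) + struct.pack("!HH", TYPE_CERT, CLASS_IN)
    # CERT RDATA: certificate type (1 = PKIX), key tag and algorithm
    # (both 0 here as placeholders), then the certificate bytes
    rdata = struct.pack("!HHB", 1, 0, 0) + cert
    # 0xC00C is a compression pointer back to the question name at offset 12
    answer = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_CERT, CLASS_IN, 3600, len(rdata)) + rdata
    return struct.pack("!HHHHHH", msg_id, FLAG_QR, 1, 1, 0, 0) + question + answer

def udp_reply(full):
    """Return what fits over UDP: the message, or a stub with the TC bit set."""
    if len(full) <= MAX_UDP_DNS:
        return full
    msg_id, flags = struct.unpack("!HH", full[:4])
    end = 12
    while full[end]:                 # walk the labels of the single question
        end += 1 + full[end]
    end += 1 + 4                     # root label, then QTYPE and QCLASS
    return struct.pack("!HHHHHH", msg_id, flags | FLAG_TC, 1, 0, 0, 0) + full[12:end]

def needs_tcp_retry(reply):
    """True when the TC (truncated) flag tells the client to ask again over TCP."""
    if len(reply) < 12:
        raise ValueError("short DNS header")
    return bool(struct.unpack("!H", reply[2:4])[0] & FLAG_TC)

def tcp_frame(msg):
    """DNS over TCP prefixes each message with a two-byte length."""
    return struct.pack("!H", len(msg)) + msg

# Constructed stand-ins: zero bytes sized like the "less than 2kB" sample certificate
BIG = build_cert_response(0x1234, "example.com", bytes(1900))
SMALL = build_cert_response(0x1235, "example.com", bytes(200))
```

The 1900-byte stand-in yields a 1946-byte response, so the UDP reply shrinks to a 29-byte stub with TC set; the 200-byte one fits in 246 bytes and is returned unchanged.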






Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.
