Re: Global PKI on DNS?

To: <Valdis.Kletnieks at VT.EDU>, Franck Martin <franck at SOPAC.ORG>
Subject: Re: Global PKI on DNS?
From: David Conrad <david.conrad at nominum.com>
Date: Sat, 08 Jun 2002 13:30:18 -0700
Cc: <openssl-users at openssl.org>, ietf <ietf at ietf.org>, <isdf at isoc.org>
In-reply-to: <200206080227.g582RASI002503@turing-police.cc.vt.edu>
Sender: owner-ietf at ietf.org
User-agent: Microsoft-Entourage/10.1.0.2006

On 6/7/02 7:27 PM, "Valdis.Kletnieks at VT.EDU" <Valdis.Kletnieks at VT.EDU>
wrote:
> On Sat, 08 Jun 2002 13:22:28 -0000, Franck Martin said:
>> I was wondering if the best system to build a global PKI wouldn't be the
>> DNS system already in place?
> No.
> 
> 1) There's *NOT* a good mapping between the DNS and LDAP (hint - DN=, O=,
> and OU+ can be at the same level...)
> 
> 2) DNS has to be *FAST*, especially at the root - we're talking on the
> order of 200K queries a *SECOND*.

While true, this is a bit misleading.  Each individual root server gets less
than 10K queries per second.

> You figure out how to do that while
> also tossing certificates around, let us know...

Distribute the load.

Rgds,
-drc

References:
- Re: Global PKI on DNS?
  - From: Valdis . Kletnieks

Prev by Date: Re: Global PKI on DNS?
Next by Date: Re: Global PKI on DNS?
Previous by thread: Re: Global PKI on DNS?
Next by thread: Re: Global PKI on DNS?
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: Global PKI on DNS?

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.