Re: Global PKI on DNS?

To: openssl-users at openssl.org, ietf at ietf.org, isdf at isoc.org
Subject: Re: Global PKI on DNS?
From: Fred Baker <fred at cisco.com>
Date: Wed, 12 Jun 2002 15:13:17 -0700
In-reply-to: <200206080227.g582RASI002503@turing-police.cc.vt.edu>
References: <Your message of "Sat, 08 Jun 2002 13:22:28 -0000." <1023542548.17232.30.camel@flinux.sopac.org.fj> <B9266DC7.69C5%brian@balancesoftware.com> <1023542548.17232.30.camel@flinux.sopac.org.fj>
Sender: owner-ietf at ietf.org

At 10:27 PM 6/7/2002 -0400, Valdis.Kletnieks at VT.EDU wrote:

2) DNS has to be *FAST*, especially at the root - we're talking on the
order of 200K queries a *SECOND*.  You figure out how to do that while
also tossing certificates around, let us know...

I must be missing something. As far as I know, the root would not be distributing any certificates other than its own. The root would do its 20K/second/server identification of where the .com/.uk/.se/.whatever servers are just as it does now, and those servers would in turn do the example.com/etc service they do now, and example.com would reply with its key or cert.

The issue would be the signatures on the keys/certs. In DNSSEC, the TLD is also an authority (registration or certificate, perhaps both), and has to sign a bazillion certificates.

References:
- Global PKI on DNS?
  - From: Franck Martin
- Re: Global PKI on DNS?
  - From: Valdis . Kletnieks

Prev by Date: Re: Global PKI on DNS?
Next by Date: LEAP Security Vulnerabilities?
Previous by thread: Re: Global PKI on DNS?
Next by thread: Re: Global PKI on DNS?
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: Global PKI on DNS?

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.