On Sat, 08 Jun 2002 13:22:28 -0000, Franck Martin said: > I was wondering if the best system to build a global PKI wouldn't be the > DNS system already in place? No. 1) There's *NOT* a good mapping between the DNS and LDAP (hint - DN=, O=, and OU+ can be at the same level...) 2) DNS has to be *FAST*, especially at the root - we're talking on the order of 200K queries a *SECOND*. You figure out how to do that while also tossing certificates around, let us know... -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech
Attachment:
pgp00076.pgp
Description: PGP signature