Re: Global PKI on DNS?


 



1) This is what I said: LDAP is highly unstructured at the global level, where DNS is not...

2) Wow, that's sheer load... How will it scale with more and more people on the net? However, for certificates, how many times does your browser check for a root certificate? Never... MS has built into Windows Update a system to download new root certificates, but that's all. You get it one time, you trust it and forget about it till expiration time... As root servers and ccTLDs and gTLDs are likely to be serious people, you don't need to make any query to get the certificates either. You just get them one time...

Cheers.

On Sat, 2002-06-08 at 02:27, Valdis.Kletnieks@vt.edu wrote:
On Sat, 08 Jun 2002 13:22:28 -0000, Franck Martin said:

> I was wondering if the best system to build a global PKI wouldn't be the
> DNS system already in place?

No.

1) There's *NOT* a good mapping between the DNS and LDAP (hint - DN=, O=,
and OU+ can be at the same level...)

2) DNS has to be *FAST*, especially at the root - we're talking on the
order of 200K queries a *SECOND*.  You figure out how to do that while
also tossing certificates around, let us know...
-- 
				Valdis Kletnieks
				Computer Systems Senior Engineer
				Virginia Tech

