In message <1023578283.18618.13.camel@flinux.sopac.org.fj>, Franck Martin write s: > >--=-1oDXxRUK6t5l82vmGc/e >Content-Type: text/plain >Content-Transfer-Encoding: 7bit > >Here is a sample certificate... which is less than 2kB long... > >DNS protocol uses mainly udp, which I think can handle this size... > >You can know what it means by using the command (I think): > DNS packets are limited to 512 bytes. Few MTUs are larger than 1500. Anyway -- the concept is called "appkeys", and has been discussed in the dnsext working group. Check the archives. Oh yes -- x.509 isn't the only way to do certificates. --Steve Bellovin, http://www.research.att.com/~smb (me) http://www.wilyhacker.com ("Firewalls" book)