Re: Global PKI on DNS?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Jun 8, 2002, 09:22 (-0400) Steven M. Bellovin <smb@research.att.com> wrote:

> >Here is a sample certificate... which is less than 2kB long...
> >
> >DNS protocol uses mainly udp, which I think can handle this size...
> >
> >You can know what it means by using the command (I think):
> >
>
> DNS packets are limited to 512 bytes.  Few MTUs are larger than 1500.

If the response requires a larger packet, the query has to be repeated
with TCP, which is more costly.

> Anyway -- the concept is called "appkeys", and has been discussed in
> the dnsext working group.  Check the archives.
>
> Oh yes -- x.509 isn't the only way to do certificates.

For certificates you could use CERT records.



Mats

----------------------------------------------------------------------
Mats Dufberg <dufberg@nic-se.se>
----------------------------------------------------------------------




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]