On 6/7/02 7:27 PM, "Valdis.Kletnieks@VT.EDU" <Valdis.Kletnieks@VT.EDU> wrote: > On Sat, 08 Jun 2002 13:22:28 -0000, Franck Martin said: >> I was wondering if the best system to build a global PKI wouldn't be the >> DNS system already in place? > No. > > 1) There's *NOT* a good mapping between the DNS and LDAP (hint - DN=, O=, > and OU+ can be at the same level...) > > 2) DNS has to be *FAST*, especially at the root - we're talking on the > order of 200K queries a *SECOND*. While true, this is a bit misleading. Each individual root server gets less than 10K queries per second. > You figure out how to do that while > also tossing certificates around, let us know... Distribute the load. Rgds, -drc