On 6/11/02 4:34 PM, "Eric A. Hall" <ehall@ehsco.com> wrote:

>> The big deal is that some of the more restrictive ISPs may not permit
>> customers to bypass their DNS servers. Same as with HTTP interception
>> proxies.

> No, the big deal is that the roots and TLDs would be crippled from
> millions of TCP queries for their certs.

Why do you think the roots and TLDs would get millions of TCP queries for their certs? Why would anyone want to get the certs of the roots or TLDs?

These arguments are going beyond silly and reaching ludicrous.

Yes, some ISPs do stupid things. That's when you choose a different ISP or come up with some workaround.

Yes, there are broken DNS servers out there that can't handle TCP queries. Get an unbroken DNS server; there are plenty.

Yes, there may be fragmentation issues; however, we are going to have to deal with this if we're ever going to deploy DNSSEC.

Can we stop with the FUD?

Rgds,
-drc