Re: Global PKI on DNS?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



At 10:27 PM 6/7/2002 -0400, Valdis.Kletnieks@VT.EDU wrote:
>2) DNS has to be *FAST*, especially at the root - we're talking on the
>order of 200K queries a *SECOND*.  You figure out how to do that while
>also tossing certificates around, let us know...

I must be missing something. As far as I know, the root would not be 
distributing any certificates other than its own. The root would do its 
20K/second/server identification of where the .com/.uk/.se/.whatever 
servers are just as it does now, and those servers would in turn do the 
example.com/etc service they do now, and example.com would reply with its 
key or cert.

The issue would be the signatures on the keys/certs. In DNSSEC, the TLD is 
also an authority (registration or certificate, perhaps both), and has to 
sign a bazillion certificates.


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]