
Re: Global PKI on DNS?

2002-06-08 06:55:07
On Jun 8, 2002, 09:22 (-0400) Steven M. Bellovin 
<smb(_at_)research(_dot_)att(_dot_)com> wrote:

Here is a sample certificate... which is less than 2kB long...

The DNS protocol uses mainly UDP, which I think can handle this size...

You can know what it means by using the command (I think):


DNS packets are limited to 512 bytes.  Few MTUs are larger than 1500.

If the response requires a larger packet, the query has to be repeated
with TCP, which is more costly.

Anyway -- the concept is called "appkeys", and has been discussed in
the dnsext working group.  Check the archives.

Oh yes -- X.509 isn't the only way to do certificates.

For certificates you could use CERT records.



Mats

----------------------------------------------------------------------
Mats Dufberg <dufberg(_at_)nic-se(_dot_)se>
----------------------------------------------------------------------
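To make the size arithmetic in this exchange concrete, here is an added Python example (not code from the thread or from any of its authors). It wire-encodes a CERT record (RR type 37, RDATA layout from RFC 4398: certificate type, key tag, algorithm, certificate bytes), builds a plain DNS response carrying it, and shows what happens under the classic 512-byte UDP limit: the answer does not fit, so a server sets the TC (truncated) bit and the client must re-ask over TCP, where each message carries a 2-byte length prefix. It also checks the response against a 1500-byte MTU. The 1900-byte certificate, the query name `www.example.com`, and the zero key tag and algorithm are constructed placeholders, not values from the thread.

```python
import struct

DNS_TYPE_CERT = 37          # CERT RR type code (RFC 4398)
DNS_CLASS_IN = 1
CERT_TYPE_PKIX = 1          # X.509 certificate per PKIX (RFC 4398 section 2.1)
CLASSIC_UDP_LIMIT = 512     # RFC 1035 section 2.3.4 limit for UDP messages
IPV4_UDP_OVERHEAD = 20 + 8  # IPv4 header + UDP header, no options

FLAG_QR = 0x8000            # message is a response
FLAG_AA = 0x0400            # authoritative answer
FLAG_TC = 0x0200            # response was truncated; retry over TCP


def encode_name(name):
    """Encode a dotted domain name as DNS labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 1 <= len(label) <= 63:
            raise ValueError("label length must be 1..63")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def cert_rdata(cert_bytes, cert_type=CERT_TYPE_PKIX, key_tag=0, algorithm=0):
    """CERT RDATA: type(2) | key tag(2) | algorithm(1) | certificate bytes."""
    return struct.pack("!HHB", cert_type, key_tag, algorithm) + cert_bytes


def parse_cert_rdata(rdata):
    """Inverse of cert_rdata: returns (cert_type, key_tag, algorithm, cert_bytes)."""
    cert_type, key_tag, algorithm = struct.unpack("!HHB", rdata[:5])
    return cert_type, key_tag, algorithm, rdata[5:]


def build_response(txid, qname, rdatas, ttl=3600, udp_limit=CLASSIC_UDP_LIMIT):
    """Build a DNS response to a CERT query.

    Returns (wire_bytes, truncated). If the complete message exceeds
    udp_limit, the answer section is dropped and TC is set, which is the
    signal that tells the client to repeat the query over TCP.
    """
    question = encode_name(qname) + struct.pack("!HH", DNS_TYPE_CERT, DNS_CLASS_IN)
    answers = b""
    for rd in rdatas:
        answers += encode_name(qname)
        answers += struct.pack("!HHIH", DNS_TYPE_CERT, DNS_CLASS_IN, ttl, len(rd))
        answers += rd
    header = struct.pack("!HHHHHH", txid, FLAG_QR | FLAG_AA, 1, len(rdatas), 0, 0)
    full = header + question + answers
    if len(full) <= udp_limit:
        return full, False
    header = struct.pack("!HHHHHH", txid, FLAG_QR | FLAG_AA | FLAG_TC, 1, 0, 0, 0)
    return header + question, True


def is_truncated(msg):
    """True if the TC bit is set in the DNS header flags."""
    return bool(struct.unpack("!H", msg[2:4])[0] & FLAG_TC)


def tcp_frame(msg):
    """RFC 1035 section 4.2.2: over TCP every message gets a 2-byte length prefix."""
    return struct.pack("!H", len(msg)) + msg


def exceeds_mtu(msg, mtu=1500):
    """True if the UDP datagram carrying msg would need IP fragmentation."""
    return IPV4_UDP_OVERHEAD + len(msg) > mtu


# Constructed placeholder standing in for a ~2kB DER certificate (not a real cert).
FAKE_CERT = bytes(range(256)) * 7 + bytes(108)   # 1900 bytes


def demo(qname="www.example.com."):
    """Run the size check for one CERT record and summarise the outcome."""
    rd = cert_rdata(FAKE_CERT)
    udp_msg, truncated = build_response(0x1234, qname, [rd])
    full_msg, _ = build_response(0x1234, qname, [rd], udp_limit=65535)
    return {
        "udp_bytes": len(udp_msg),            # only header + question when truncated
        "truncated": truncated,
        "full_bytes": len(full_msg),          # what the TCP retry carries
        "tcp_frame_bytes": len(tcp_frame(full_msg)),
        "exceeds_1500_mtu": exceeds_mtu(full_msg),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

With the 1900-byte placeholder the complete response is 1965 bytes, so a classic resolver gets a 33-byte truncated reply and must open a TCP connection for the 1967-byte framed message; even the datagram itself would exceed a 1500-byte MTU, which is the cost the thread is pointing at. (EDNS0 later raised the advertised UDP payload size, but the fragmentation point against a 1500-byte MTU still holds for answers of this size.)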