
Re: Global PKI on DNS?

2002-06-08 13:34:41
On 6/7/02 7:27 PM, "Valdis(_dot_)Kletnieks(_at_)VT(_dot_)EDU" <Valdis(_dot_)Kletnieks(_at_)VT(_dot_)EDU> wrote:

> On Sat, 08 Jun 2002 13:22:28 -0000, Franck Martin said:
>> I was wondering if the best system to build a global PKI wouldn't be the
>> DNS system already in place?
>
> No.
>
> 1) There's *NOT* a good mapping between the DNS and LDAP (hint - DN=, O=,
> and OU+ can be at the same level...)
>
> 2) DNS has to be *FAST*, especially at the root - we're talking on the
> order of 200K queries a *SECOND*.

While true, this is a bit misleading.  Each individual root server gets less
than 10K queries per second.

> You figure out how to do that while
> also tossing certificates around, let us know...

Distribute the load.

Rgds,
-drc


