Re: Global PKI on DNS?

On 6/8/02 6:22 AM, "Steven M. Bellovin" <smb(_at_)research(_dot_)att(_dot_)com> 
wrote:

DNS packets are limited to 512 bytes.


No they are not.  They are limited to 64K.  Even without EDNS0, a large
response can fall back to TCP.  You know this.

Few MTUs are larger than 1500.


What is the average size of a CERT (honest question, I have no idea)?

Anyway -- the concept is called "appkeys", and has been discussed in
the dnsext working group.  Check the archives.


I thought APPKEY was addressing putting non-self-validating keys into the
DNS, relying on DNSSEC to insure a chain of trust.

Rgds,
-drc

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Global PKI on DNS?, (continued) Re: Global PKI on DNS?, Keith Moore Re: Global PKI on DNS?, Valdis . Kletnieks Re: Global PKI on DNS?, Keith Moore Re: Global PKI on DNS?, Valdis . Kletnieks Re: Global PKI on DNS?, Franck Martin Re: Global PKI on DNS?, Keith Moore class E address, Nguyen Thi Mai Trang Re: Global PKI on DNS?, Valdis . Kletnieks Re: Global PKI on DNS?, Steven M. Bellovin Re: Global PKI on DNS?, Mats Dufberg Re: Global PKI on DNS?, David Conrad <= Re: Global PKI on DNS?, Steven M. Bellovin Re: Global PKI on DNS?, David Conrad Re: Global PKI on DNS?, Johnny Eriksson Re: Global PKI on DNS?, James Seng RE: Global PKI on DNS?, Christian Huitema Re: Global PKI on DNS?, John Stracke Re: Global PKI on DNS?, Peter Deutsch Re: Global PKI on DNS?, Keith Moore Re: Global PKI on DNS?, Peter Deutsch Re: Global PKI on DNS?, Keith Moore

Previous by Date:	Re: Global PKI on DNS?, David Conrad
Next by Date:	Re: [idn] Re: CDNC Final Comments on Last call of IDN drafts, Dave Crocker
Previous by Thread:	Re: Global PKI on DNS?, Mats Dufberg
Next by Thread:	Re: Global PKI on DNS?, Steven M. Bellovin
Indexes:	[Date] [Thread] [Top] [All Lists]