
Re: Global PKI on DNS?

2002-06-08 18:20:15
On 6/8/02 3:01 PM, "Steven M. Bellovin" <smb(_at_)research(_dot_)att(_dot_)com> wrote:
I was excluding EDNS0, since I thought it wasn't widely implemented.

It has been implemented in the latest version of BINDv8, it has always been
in BINDv9, and I believe it is in Microsoft's DNS server (not positive on
this).  Given EDNS0 is required for implementing DNS for IPv6, I wouldn't
think it something you'd like to exclude.

TCP fallback is, as you are painfully well aware, expensive.

Yes.

What is the average size of a CERT (honest question, I have no idea)?
Good question -- and I don't think there's any one answer.

Hmm.  "Average"?

Technically, you're right, but a number of the essential concepts are
the same, including the key one that the record you're looking for has
to have a name in DNS space.

And, of course, there are applications in which this makes perfect sense
(e.g., ssh).

Rgds,
-drc


