Re: Global PKI on DNS?

At 10:27 PM 6/7/2002 -0400, Valdis(_dot_)Kletnieks(_at_)VT(_dot_)EDU wrote:

2) DNS has to be *FAST*, especially at the root - we're talking on the
order of 200K queries a *SECOND*.  You figure out how to do that while
also tossing certificates around, let us know...

I must be missing something. As far as I know, the root would not bedistributing any certificates other than its own. The root would do its20K/second/server identification of where the .com/.uk/.se/.whateverservers are just as it does now, and those servers would in turn do theexample.com/etc service they do now, and example.com would reply with itskey or cert.

The issue would be the signatures on the keys/certs. In DNSSEC, the TLD isalso an authority (registration or certificate, perhaps both), and has tosign a bazillion certificates.

<Prev in Thread]	Current Thread	[Next in Thread>
Global PKI on DNS?, Franck Martin Re: Global PKI on DNS?, Valdis . Kletnieks Re: Global PKI on DNS?, Franck Martin Re: Global PKI on DNS?, David Conrad Re: Global PKI on DNS?, Fred Baker <= Re: Global PKI on DNS?, James Pullicino Re: Global PKI on DNS?, Franck Martin Re: Global PKI on DNS?, Michael Richardson Re: Global PKI on DNS?, Pekka Savola Re: Global PKI on DNS?, Simon Josefsson Re: Global PKI on DNS?, Eric A. Hall Re: Global PKI on DNS?, Simon Josefsson Re: Global PKI on DNS?, Eric A. Hall Re: Global PKI on DNS?, Bill Manning Re: Global PKI on DNS?, Bill Sommerfeld

Previous by Date:	Re: Global PKI on DNS?, Keith Moore
Next by Date:	LEAP Security Vulnerabilities?, Hyska, Jason [JJCUS]
Previous by Thread:	Re: Global PKI on DNS?, David Conrad
Next by Thread:	Re: Global PKI on DNS?, James Pullicino
Indexes:	[Date] [Thread] [Top] [All Lists]