

To: James Seng <jseng@pobox.org.sg>
cc: keydist@cafax.se
From: Simon Josefsson <jas@extundo.com>
Date: Mon, 8 Apr 2002 14:46:57 +0200 (CEST)
In-Reply-To: <005101c1de90$ba9d4350$0901000a@jamesdesktop>
Sender: owner-keydist@cafax.se
Subject: Re: Let's assume DNS is involved

On Mon, 8 Apr 2002, James Seng wrote:

> > Adding application keys into DNS will only increase the load of the
> > servers with the zone with the key, and they are the ones that want them
> > to be there. Data from the root zone and TLD zone will already be cached
> > from the query of the A record.
>
> I wish it were so simple. There are caches, zone transfer, dynamic updates etc
> etc.

The caches that will cache keys/certs will be the caches within the
organizations that chose to either put keys/certs in DNS or use
keys/certs from DNS.

Same goes for zone transfer, zone transfer of zones with keys/certs will
only happen within organizations that put keys/certs in DNS.

Same for dynamic updates.

What are the etc etc?

> Cache is a dual blade here - on one hand, it distributes the load and
> contains it near the users. On the other, load of the cache would increase if
> TCP fallback (assuming key RRs don't fit into DNS/EDNS0 UDP packets) is used
> often. ISPs are not going to like it.

ISPs would love that.  They make money transferring your bits.  If you
transfer more bits, they make more money.  By the same argument, ISPs
would not like it if you started to transfer more data through their HTTP
proxies, or more data through their UseNet server.

Ok, trying to be a bit more realistic, ISPs would need more memory in their
DNS server.  This costs.  On the other hand, providing DNS services is
something customers pay for, so, again, they can ask more money from their
customers that are willing to pay for DNS services.
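The TCP-fallback point raised above turns on whether a KEY RRset fits in a UDP reply. As an added illustration, not code from this thread, the following Python sketch assembles a minimal DNS response carrying RFC 2535 KEY records with RFC 3110-style RSA public keys (the modulus bytes are constructed filler, not real keys) and reports whether it fits the classic 512-byte UDP limit or an EDNS0 buffer. The owner name example.com and the 4096-byte EDNS0 buffer are assumptions.

```python
"""Estimate whether a DNS reply with a KEY RRset fits in UDP or forces TCP fallback."""
import struct
from typing import List, Optional

CLASSIC_UDP_MAX = 512      # RFC 1035 UDP payload limit when no EDNS0 is negotiated
EDNS0_BUFSIZE = 4096       # assumed EDNS0 advertised buffer size (RFC 2671 option)
TYPE_KEY = 25              # RFC 2535 KEY RR type code
CLASS_IN = 1
QNAME_POINTER = b"\xc0\x0c"  # compression pointer to the question name at offset 12


def encode_name(name: str) -> bytes:
    """Uncompressed wire form: length-prefixed labels, terminated by a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def key_rdata(modulus_bits: int, exponent: bytes = b"\x01\x00\x01") -> bytes:
    """RFC 2535 KEY RDATA: flags(2) protocol(1) algorithm(1) public key.

    The public key follows RFC 3110: exponent length byte, exponent, modulus.
    Modulus bytes are constructed filler of the right length, not a real key.
    """
    flags, protocol, algorithm = 0x0000, 3, 5   # protocol 3 = DNSSEC, alg 5 = RSA/SHA-1
    modulus = b"\xff" * (modulus_bits // 8)
    return struct.pack("!HBB", flags, protocol, algorithm) + bytes([len(exponent)]) + exponent + modulus


def build_response(owner: str, rdatas: List[bytes], ttl: int = 3600) -> bytes:
    """Header + question + one KEY answer RR per RDATA, owner names compressed."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(rdatas), 0, 0)  # QR, RD, RA set
    question = encode_name(owner) + struct.pack("!HH", TYPE_KEY, CLASS_IN)
    answers = b"".join(
        QNAME_POINTER + struct.pack("!HHIH", TYPE_KEY, CLASS_IN, ttl, len(rd)) + rd
        for rd in rdatas
    )
    return header + question + answers


def transport_needed(response: bytes, edns_bufsize: Optional[int] = None) -> str:
    """'udp' if the reply fits the negotiated limit, else 'tcp' (server sets TC, client retries)."""
    limit = edns_bufsize if edns_bufsize else CLASSIC_UDP_MAX
    return "udp" if len(response) <= limit else "tcp"


if __name__ == "__main__":
    one_key = build_response("example.com.", [key_rdata(2048)])
    two_keys = build_response("example.com.", [key_rdata(2048)] * 2)  # e.g. during a key rollover
    print(len(one_key), transport_needed(one_key))                    # fits classic UDP
    print(len(two_keys), transport_needed(two_keys), transport_needed(two_keys, EDNS0_BUFSIZE))
```

Two 2048-bit keys in one RRset already exceed 512 bytes without EDNS0, which is the case where the cache's extra load from TCP fallback shows up.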
