To:
Simon Josefsson <simon+keydist@josefsson.org>
CC:
Pekka Savola <pekkas@netcore.fi>, Michael Richardson<mcr@sandelman.ottawa.on.ca>, Franck Martin <franck@sopac.org>, keydist@cafax.se, openssl-users@openssl.org, ietf@ietf.org, isdf@isoc.org
From:
"Eric A. Hall" <ehall@ehsco.com>
Date:
Tue, 11 Jun 2002 13:04:05 -0500
Sender:
owner-keydist@cafax.se
User-Agent:
Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.0) Gecko/20020530
Subject:
Re: Global PKI on DNS?
on 6/8/2002 8:54 PM Simon Josefsson said the following: > Despite the FUD presented by certain individuals that doesn't want > keys/certs in DNS, people have already tarted doing it and it works > fine. Setting aside the issue of whether or not people are spreading FUD, perhaps you could tell us about your setup. How homogenous were the applications and operating systems that requested the certs? What resolver calls did you use? What other RRs were bound to the owner names? How many delegation entries did you provide along with the data and what was the message size without the certs? How big were the certs? Did any of the lookups overflow, and did everything support TCP fallback? and finally, do you think that the answers will be the same for all nodes across the global namespace? -- Eric A. Hall http://www.ehsco.com/ Internet Core Protocols http://www.oreilly.com/catalog/coreprot/