On Sat, Jun 08, 2002 at 01:35:42PM -0700, David Conrad wrote:
> On 6/8/02 6:22 AM, "Steven M. Bellovin" <[EMAIL PROTECTED]> wrote:
> > DNS packets are limited to 512 bytes.
>
> No they are not. They are limited to 64K. Even without EDNS0, a large
> response can fall back to TCP. You know this.

actually UDP/IP max_size is 512 Bytes

> > Few MTUs are larger than 1500.
>
> What is the average size of a CERT (honest question, I have no idea)?
>
> > Anyway -- the concept is called "appkeys", and has been discussed in
> > the dnsext working group. Check the archives.
>
> I thought APPKEY was addressing putting non-self-validating keys into the
> DNS, relying on DNSSEC to insure a chain of trust.
> Rgds,
> -drc

Best Regards,
[EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                            [EMAIL PROTECTED]
Automated List Manager                               [EMAIL PROTECTED]