* Masataka Ohta:

> Florian Weimer wrote:
>
>>>As DNSCurve protection is like DH, it is subject to MitM attacks,
>>>which is no different from simple nonce.
>
>> I think the expectation is that you learn the server names (and hence
>> their keys) of child zones from parents, under DNSCurve's
>> cryptographic protection. This is slightly different from plain DH.
>
> No, it is not expected that gtld servers will become
> "???????????????????????????????????????????????????.gtld-servers.net",
> only to cause message size overflow.

Wouldn't compression kick in if they shared keys (assuming that
DNSCurve doesn't sift the key from only the first label), making the
overhead negligible?

--
Florian Weimer <fweimer@xxxxxx>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99

_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
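The size question raised in the message above, worked through as an added example that is not part of the original thread: RFC 1035 suffix compression applied to 13 name-server names under three layouts. The names a to m, the placeholder key labels (constructed, with the 54-byte shape of a DNSCurve key label) and the layout with the key in a non-first label are assumptions taken from the message's own premise; only the encoded names are counted, not full resource records.

```python
# Added example: RFC 1035 name compression over a set of NS target names.
# Key labels are constructed placeholders, not real DNSCurve public keys.
SERVERS = "abcdefghijklm"          # assumed 13 servers, a..m
SHARED_KEY = "uz5" + "x" * 51      # one 54-byte key label shared by all servers

def encode_names(names):
    """Encode names back to back, replacing any already-seen suffix
    with a 2-byte compression pointer (RFC 1035 section 4.1.4)."""
    buf = bytearray()
    seen = {}                      # suffix (tuple of labels) -> offset in buf
    for name in names:
        labels = name.lower().rstrip(".").split(".")
        for i in range(len(labels)):
            suffix = tuple(labels[i:])
            if suffix in seen:     # pointer: two high bits set + 14-bit offset
                buf += (0xC000 | seen[suffix]).to_bytes(2, "big")
                break
            if len(buf) < 0x4000:  # only offsets that fit in 14 bits are usable
                seen[suffix] = len(buf)
            label = labels[i].encode("ascii")
            if not 1 <= len(label) <= 63:
                raise ValueError("label length out of range: %r" % labels[i])
            buf.append(len(label))
            buf += label
        else:
            buf.append(0)          # no pointer used: terminate with root label
    return bytes(buf)

def layout_sizes():
    """Total encoded size in bytes of the 13 names under each layout."""
    plain = [s + ".gtld-servers.net" for s in SERVERS]
    # Shared key in the second label: compressible as part of the common suffix.
    shared = [s + "." + SHARED_KEY + ".gtld-servers.net" for s in SERVERS]
    # Distinct key per server in the first label: the key never compresses.
    per_server = ["uz5" + s * 51 + ".gtld-servers.net" for s in SERVERS]
    return {
        "plain": len(encode_names(plain)),
        "shared_key": len(encode_names(shared)),
        "per_server_key": len(encode_names(per_server)),
    }

if __name__ == "__main__":
    for layout, size in layout_sizes().items():
        print(layout, size)
```

With a shared key label the cost over plain names is one length byte plus the 54-byte label, paid once; with a distinct key in each first label the 55 bytes are paid for every name.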