Florian Weimer wrote:

>>No, it is not expected that gtld servers will become
>>"???????????????????????????????????????????????????.gtld-servers.net",
>>only to cause message size overflow.

> Wouldn't compression kick in if they shared keys (assuming that
> DNSCurve doesn't sift the key from only the first label), making the
> overhead negligible?

There are several ways, such as anycasting, to overcome the problem. However, they will require wide distribution of secret keys.

Anyway, my point is that there was no expectation.

Another piece of evidence is the lack of the concept of a "root key" and other things. If relying on the security of root and other zones, which are not really secure, was seriously considered, there should be provisions for more complex mechanisms such as key rollover to make the system a little less insecure.

Masataka Ohta