Re: DNSCurve vs. DNSSEC - FIGHT!

Florian Weimer wrote:

>>No, it is not expected that gtld servers will become
>>"???????????????????????????????????????????????????.gtld-servers.net",
>>only to cause message size overflow.

> Wouldn't compression kick in if they shared keys (assuming that
> DNSCurve doesn't sift the key from only the first label), making the
> overhead negligible?

There are several ways, such as anycasting, to overcome the problem.
However, they will require wide distribution of secret keys.

Anyway, my point is that there was no expectation.

Another piece of evidence is the lack of the concept of "root key" and
other things. If relying on security of root and other zones, which are
not really secure, was seriously considered, there should be
provisions for more complex mechanisms such as key rollover to
make the system a little less insecure.

						Masataka Ohta


_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
