Re: DNSCurve vs. DNSSEC - FIGHT!

2010-02-26 03:52:27
Florian Weimer wrote:

No, it is not expected that gtld servers will become
"???????????????????????????????????????????????????.gtld-servers.net",
only to cause message size overflow.

Wouldn't compression kick in if they shared keys (assuming that
DNSCurve doesn't sift the key from only the first label), making the
overhead negligible?

There are several ways, such as anycasting, to overcome the problem.
However, they will require wide distribution of secret keys.

Anyway, my point is that there was no expectation.

Another piece of evidence is the lack of the concept of "root key" and
other things. If relying on security of root and other zones, which are
not really secure, was seriously considered, there should be
provisions for more complex mechanisms such as key rollover to
make the system a little less insecure.

                                                Masataka Ohta


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
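
The size question argued in this message, worked through as an added example that is not part of the original thread: it encodes an NS answer for 13 servers with RFC 1035 name compression and compares three naming layouts. Assumptions: a DNSCurve key label is 54 bytes ("uz5" plus 51 characters), the key strings are constructed placeholders, the shared-key layout puts the key in a non-first label as the quoted question supposes, and glue records and EDNS are left out.

```python
import struct

UDP_LIMIT = 512  # classic DNS-over-UDP payload limit (RFC 1035)

def put_name(msg, name, seen):
    """Append name to msg, replacing an already-written suffix with a pointer."""
    labels = name.lower().rstrip(".").split(".")
    for i, label in enumerate(labels):
        suffix = ".".join(labels[i:])
        if suffix in seen:                       # RFC 1035 4.1.4 compression pointer
            msg += struct.pack("!H", 0xC000 | seen[suffix])
            return
        seen[suffix] = len(msg)
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"bad label length in {name!r}")
        msg.append(len(raw))
        msg += raw
    msg.append(0)                                # root label

def ns_response_size(zone, servers):
    """Wire size of header + question + one NS record per server (no glue)."""
    msg = bytearray(struct.pack("!6H", 0, 0x8400, 1, len(servers), 0, 0))
    seen = {}
    put_name(msg, zone, seen)
    msg += struct.pack("!2H", 2, 1)              # QTYPE=NS, QCLASS=IN
    for server in servers:
        put_name(msg, zone, seen)
        msg += struct.pack("!2HIH", 2, 1, 172800, 0)  # type, class, TTL, RDLENGTH stub
        start = len(msg)
        put_name(msg, server, seen)
        struct.pack_into("!H", msg, start - 2, len(msg) - start)
    return len(msg)

LETTERS = "abcdefghijklm"

def fake_key(c):
    """Constructed 54-byte placeholder shaped like a key label; not a real key."""
    return "uz5" + c * 51

LAYOUTS = {
    "plain":            [f"{c}.gtld-servers.net" for c in LETTERS],
    "key_per_server":   [f"{fake_key(c)}.gtld-servers.net" for c in LETTERS],
    "shared_key_label": [f"{c}.{fake_key('x')}.gtld-servers.net" for c in LETTERS],
}

def sizes(zone="com"):
    return {name: ns_response_size(zone, s) for name, s in LAYOUTS.items()}

if __name__ == "__main__":
    for name, size in sizes().items():
        print(f"{name:17} {size:4} bytes  {'over' if size > UDP_LIMIT else 'within'} {UDP_LIMIT}")
```

With one key label per server every name carries its own 55 bytes and the answer passes 512 bytes; with a single shared label the cost is paid once, which is the case that requires distributing the same secret key to every server.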