[dns-operations] DNSSEC impact on applications was Re: security-aware stub resolver

Wes Hardaker wjhns1 at hardakers.net
Wed May 28 13:57:28 UTC 2008

>>>>> On Wed, 28 May 2008 10:46:07 +0200, Stephane Bortzmeyer <bortzmeyer at nic.f
r> said:

SB> I disagree. Firefox eats a lot of memory, not because of *one* service
SB> using most if it but because many people added one small service after
SB> the other, each one saying "oh, my addition is quite small".

SB> That's how you get bloat.

Agreed mostly.  However, once you look at the core of the firefox code
you'll realize there is a huge amount of complexity added to do some of
those small things.  Adding DNSSEC code actually required very little
modification (the trick was finding the right spots).  To give you an
idea of the complexity, the difference in stack levels between where the
page is displayed via the GUI and where the DNS lookup gets done is
probably 20-30 levels deep in stack calls (I counted once, but I don't
remember the exact number).  And a lot of that is actually switching
back and forth between C and javascript (large parts of firefox are
written in javascript).

But I agree, you shouldn't have DNSSEC in firefox if you don't want to
display DNSSEC related error messages.  And I agree, you shouldn't have
support for bookmarks if you don't use them.  The trick is building one
that is specific to just your needs.

"In the bathtub of history the truth is harder to hold than the soap,
 and much more difficult to find."  -- Terry Pratchett

More information about the dns-operations mailing list