[dns-operations] DNSSEC validation and crypto on hand-held devices

Paul Wouters paul at cypherpunks.ca
Mon Jul 23 15:33:31 UTC 2012

On Mon, 23 Jul 2012, Jim Reid wrote:

> IMO, DNSSEC validation in something like an Android handset will be like 
> watching an elephant ballet-dance: it can be done but the results will be 
> ugly. So the resolvers on these things will almost certainly use a secure 
> path to a trusted validating resolver.

You realise you are talking about a hand held device that plays 1136x640
full motion graphics and runs IPsec VPNS and TLS without problems?

I'm pretty sure any DNSSEC is latency bound on 3G, not CPU bound.
unbound with prefetching will be a very robust and fast solution that I
bet works pretty much transparently (if it has dnssec-trigger to work
around bad networks)


More information about the dns-operations mailing list