[dns-operations] DNSSEC validation and crypto on hand-held devices
Warren Kumari
warren at kumari.net
Tue Jul 24 15:31:54 UTC 2012
On Jul 23, 2012, at 8:33 AM, Paul Wouters wrote:
> On Mon, 23 Jul 2012, Jim Reid wrote:
>
>> IMO, DNSSEC validation in something like an Android handset will be like watching an elephant ballet-dance: it can be done but the results will be ugly. So the resolvers on these things will almost certainly use a secure path to a trusted validating resolver.
>
> You realise you are talking about a hand held device that plays 1136x640
> full motion graphics and runs IPsec VPNS and TLS without problems?
>
> I'm pretty sure any DNSSEC is latency bound on 3G, not CPU bound.
> unbound with prefetching will be a very robust and fast solution that I
> bet works pretty much transparently (if it has dnssec-trigger to work
> around bad networks)
See also Olafur Gudmundsson's presentation at the DNSSEC workshop at ICANN44 -- "Challenges of Putting the Resolving Validator in a Constrained Environment" http://prague44.icann.org/meetings/prague2012/presentation-dnssec-without-humans-27jun12-en.pdf
and
"Is a $70 router fast enough for DNSSEC?" -- https://www.dnssec-deployment.org/index.php/2012/03/is-a-70-router-fast-enough-for-dnssec/
These are both about doing validation on small, crappy CPE, with much smaller processors than Android handsets / tablets…
W
>
> Paul
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
>
--
American Non-Sequitur Society;
we don't make sense, but we do like pizza!
More information about the dns-operations
mailing list