[dns-operations] Cloudflare TYPE65283

Viktor Dukhovni ietf-dane at dukhovni.org
Tue Mar 28 01:04:02 UTC 2023


On Mon, Mar 27, 2023 at 06:57:13PM -0600, Paul Ebersman wrote:

> viktor> Do the CPU and packet size reductions justify the additional
> viktor> protocol complexity?
> 
> As IPv6 slowly creeps up in usage amongst folks not well versed in PMTUD
> and such (particularly more and more smaller middleware/firewall vendors
> or crap consumer routers), I think keeping response packet size down
> wherever we can is prudent.

Perhaps, but until the mythical post-quantum DNSSEC is needed, online
signers will use ECDSA, for which denial of existence is already
sufficiently compact, even with 4 RRSIGs (SOA + 3 NSEC3).

-- 
    Viktor.



More information about the dns-operations mailing list