[dns-operations] Cloudflare TYPE65283
Viktor Dukhovni
ietf-dane at dukhovni.org
Tue Mar 28 01:04:02 UTC 2023
On Mon, Mar 27, 2023 at 06:57:13PM -0600, Paul Ebersman wrote:
> viktor> Do the CPU and packet size reductions justify the additional
> viktor> protocol complexity?
>
> As IPv6 slowly creeps up in usage amongst folks not well versed in PMTUD
> and such (particularly more and more smaller middleware/firewall vendors
> or crap consumer routers), I think keeping response packet size down
> wherever we can is prudent.
Perhaps, but until the mythical post-quantum DNSSEC is needed, online
signers will use ECDSA, for which denial of existence is already
sufficiently compact, even with 4 RRSIGs (SOA + 3 NSEC3).
--
Viktor.
More information about the dns-operations
mailing list