On Mon, Mar 27, 2023 at 06:57:13PM -0600, Paul Ebersman wrote:
> viktor> Do the CPU and packet size reductions justify the additional
> viktor> protocol complexity?
>
> As IPv6 slowly creeps up in usage amongst folks not well versed in PMTUD
> and such (particularly more and more smaller middleware/firewall vendors
> or crap consumer routers), I think keeping response packet size down
> wherever we can is prudent.
Perhaps, but until the mythical post-quantum DNSSEC is needed, online
signers will use ECDSA, for which denial of existence is already
sufficiently compact, even with 4 RRSIGs (SOA + 3 NSEC3).
--
Viktor.
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
