On Thu, 19 Mar 2015, W.C.A. Wijngaards wrote:
> Could perhaps a different algorithm, like ED25519, provide better performance, and would that performance then be adequate?
Different algorithms differ in performance how much? A factor 2? Maybe 10? Compared to a botnet, I don't think that it is very relevant at all.
The draft allows negotiation of a symmetric key so normally a lot of asymmetric operations can be avoided by the use of a cache. For a cookie mechanism, there is the cookie draft from Eastlake and Andrews.
Demanding source IP verification before allowing crypto seems a very good idea with no real impact other than rejecting spoofed IPs or old clients - and old clients won't support crypto anyway.

Paul
_______________________________________________
dns-privacy mailing list
dns-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/dns-privacy
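The two mechanisms the reply puts together, a cookie round trip that proves the source address is not spoofed before the server spends any asymmetric CPU, and a cache of the negotiated symmetric key so the asymmetric exchange happens once per verified client, sketched as an added example. This is illustration code written for this page, not code from the draft, the cookie draft, or any resolver; the HMAC-based server-cookie construction, the `Server` class and the `run_scenario` walk-through are all assumptions, and the "asymmetric exchange" is a stand-in hash rather than a real key agreement.

```python
"""Cookie-gated key negotiation: a simplified sketch (assumed design, not the draft's text)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

SERVER_COOKIE_LEN = 16


def compute_server_cookie(secret: bytes, client_cookie: bytes, src_ip: str) -> bytes:
    """Assumed construction: HMAC-SHA256(secret, client_cookie || src_ip), truncated to 16 bytes.

    The cookie draft leaves the server-side algorithm to the implementer; this one is
    only for illustration. The cookie is bound to the claimed source IP, so a client
    can only echo a valid one if replies actually reach that address."""
    mac = hmac.new(secret, client_cookie + src_ip.encode("ascii"), hashlib.sha256).digest()
    return mac[:SERVER_COOKIE_LEN]


@dataclass
class Server:
    secret: bytes
    asymmetric_ops: int = 0                                   # how often the expensive path ran
    session_cache: dict = field(default_factory=dict)         # (src_ip, client_cookie) -> symmetric key

    def handle(self, src_ip: str, client_cookie: bytes, server_cookie):
        """Return ("need-cookie", cookie) for unverified sources, else ("session", key)."""
        expected = compute_server_cookie(self.secret, client_cookie, src_ip)
        if server_cookie is None or not hmac.compare_digest(server_cookie, expected):
            # Unverified (possibly spoofed) source: cheap HMAC only, hand back a cookie.
            return ("need-cookie", expected)
        key = (src_ip, client_cookie)
        if key in self.session_cache:
            # Verified client we already negotiated with: reuse the symmetric key.
            return ("session", self.session_cache[key])
        # Verified client, first contact: pay for the asymmetric exchange exactly once.
        self.asymmetric_ops += 1
        sym_key = self._negotiate_symmetric_key(src_ip, client_cookie)
        self.session_cache[key] = sym_key
        return ("session", sym_key)

    def _negotiate_symmetric_key(self, src_ip: str, client_cookie: bytes) -> bytes:
        # Stand-in for the asymmetric negotiation (a real server would run an ECDH-style
        # exchange here); only its cost and its cached result matter for this sketch.
        return hashlib.sha256(b"negotiated|" + src_ip.encode("ascii") + client_cookie).digest()


def run_scenario() -> dict:
    """Constructed walk-through: one honest client, one spoofer forging its address."""
    server = Server(secret=secrets.token_bytes(32))
    honest_ip = "192.0.2.10"                                  # documentation address, constructed
    honest_cc = bytes.fromhex("0123456789abcdef")             # constructed client cookie

    # Honest client: first query carries no server cookie and just gets one back.
    status0, cookie = server.handle(honest_ip, honest_cc, None)
    # It echoes the cookie it really received; the server does the asymmetric work once.
    status1, key1 = server.handle(honest_ip, honest_cc, cookie)
    # Later queries from the same verified client hit the symmetric cache.
    status2, key2 = server.handle(honest_ip, honest_cc, cookie)
    honest_ops = server.asymmetric_ops

    # Spoofer: forges honest_ip as source but never sees any reply, so it can only guess.
    spoof_cc = bytes.fromhex("fedcba9876543210")
    for _ in range(1000):
        server.handle(honest_ip, spoof_cc, secrets.token_bytes(SERVER_COOKIE_LEN))

    return {
        "first_reply_was_cookie": status0 == "need-cookie",
        "honest_asymmetric_ops": honest_ops,
        "cache_hit": status1 == "session" and status2 == "session" and key1 == key2,
        "spoofed_asymmetric_ops": server.asymmetric_ops - honest_ops,
    }


if __name__ == "__main__":
    print(run_scenario())
```

The gate only removes spoofed traffic from the expensive path: a bot using its own real address receives the cookie, echoes it, and can still drive the asymmetric exchange once per (address, client cookie) pair, which is why the reply treats the algorithm's raw speed as a secondary concern against a botnet. The `compare_digest` call keeps the cookie check itself constant-time, and binding the cookie to the client cookie as well as the IP stops one verified client's cookie from being replayed by another behind the same NAT with a different client cookie.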