In your previous mail you wrote: If a caching server is required to perform public key computation to verify RRs before caching, it can't support much clients...
=> the common assumption that public key computation is slow or expensive is *wrong*. According to 'openssl speed rsa', My old 20EUR/month box is at 2900 verify/s (1024 bits) and any recent desktop should be >> 10000 verify/s. DNSSEC has a cost but it is not in the asymmetric crypto part! Regards [EMAIL PROTECTED] PS: I (as many Frenchs) believe in Elliptic Curves (mainly because of the size, i.e., not only for the speed). _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
