> 1. no trust anchors in design, signatures seems to be loosely > connected. > 2. In it's ideal state it would change DNS to DNS over DNS-TXT. > 3. Requirements on aDNS server computation power is raised. > 4. I am not sure if labels like [...] make things more simpler.
5. I suspect having encryption will make getting export licenses more complicated. In the past, this used to be a big annoyance. Not sure how much a consideration it is today (but would be surprised if things are easier now then they were when I had a couple of lawyers look at it for DNSSEC (which doesn't have encryption)) and it may or may not be a significant consideration for the Unbound/PowerDNS folks. Don't know enough about DNSCurve as yet, but it definitely looks interesting. Regards, -drc _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
