> 1. no trust anchors in design, signatures seems to be loosely  
> connected.
> 2. In it's ideal state it would change DNS to DNS over DNS-TXT.
> 3. Requirements on aDNS server computation power is raised.
> 4. I am not sure if labels like [...] make things more simpler.

5. I suspect having encryption will make getting export licenses more  
complicated.  In the past, this used to be a big annoyance.  Not sure  
how much a consideration it is today (but would be surprised if things  
are easier now then they were when I had a couple of lawyers look at  
it for DNSSEC (which doesn't have encryption)) and it may or may not  
be a significant consideration for the Unbound/PowerDNS folks.

Don't know enough about DNSCurve as yet, but it definitely looks  
interesting.

Regards,
-drc

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to