On Fri, 22 Jan 2010, Paul Wouters wrote: > On Fri, 22 Jan 2010, Alex Bligh wrote: >> I meant computational resource requirements resultant from crypto >> operations, not algorithmic complexity. > > I had no problems doing this on a 1.2M domains TLD zone, using off the > shelf hardware, integrating into the TLD's hourly update interval. > (http://www.cira.ca/dnssec/)
Try 100M delegations, updated every 15 seconds, and sending the resulting large non-Opt-out zone to places with poor connectivity such as Nairobi, Kenya. Arguments such as "I did it on once on commodity hardware with freely available tools" or "you can implement that in an afternoon" do not transfer well to large, critically important TLDs (or any large-scale, critical service). Matt _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
