In your previous mail you wrote:

   That might be draft-hoffman-dnssec-ecdsa.

=> IMHO we have a problem with ECDSA (and DSA too): verify is too slow, in particular it is slower than signature. You can expect a crypto accelerator for a master authoritative server, but not (yet?) for a caching server... I think this killed DSA in the real world (no DNSSEC deployment uses it).

Thanks

francis.dup...@fdupont.fr

PS: I have another (very technical) concern: I deeply dislike crypto algorithms which require a random value for signing. DSA has this IMHO bad property and ECDSA shares it.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop