On May 16, 2014, at 7:44 AM, Colm MacCárthaigh <c...@allcosts.net> wrote:
>> Actually, you can. You prioritize non-NSEC3 records, since that's a finite,
>> identifiable, priority set, and cache the responses. Thus if you have 10k
>> valid names, each with 100 different possible responses, and have a max 1
>> minute TTL on signatures, that's only 16k signatures/s in the absolute worst
>> case, which you can do on a single, 16 core computer.
>>
> 16k/second is nothing, and I can generate that from a wristwatch computer.
> Caching doesn't help, as the attackers can (and do) bust caches with
> nonce-names and so on :/ A 16 core machine can do a million QPS relatively
> easily - so it's a big degradation.

You miss my point. That server is doing a million QPS, but it's only providing ~16k/s distinct answers.

Your wristwatch computer can only cause a dynamic server a problem if it's competing with the legitimate query stream's priority category. The "priority" category, assuming 10k names and 100 options/name and 1m max TTL, requires only a single system to support.

Thus your wristwatch loaders can only act to load the non-priority category, which would be NSEC3. If you actually care about zone enumeration, you MUST generate NSEC3 records on the fly, because let's face it, NSEC3 in the static case doesn't stop trivial enumeration of the zone.

Basically, it's observing that what you really want is "semi-online": The names you care about have at least some history/cacheability, and some level of finite space, but only on the order of a minute. Once that property is there, you can do dynamic signing to your heart's content.

--
Nicholas Weaver                  it is a tale, told by an idiot,
nwea...@icsi.berkeley.edu                full of sound and fury,
510-666-2903                           .signifying nothing
PGP: http://www1.icsi.berkeley.edu/~nweaver/data/nweaver_pub.asc
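A constructed Python model of the "semi-online" priority signer argued for above, added here as an illustration (it is not code from the thread or from any DNS server). The zone size, answer-variant count, TTL and query rates are assumed placeholders, and SHA-256 stands in for the real RRSIG computation; the point it shows is that the priority class's signing load is capped by names * variants / TTL, while nonce-name cache busting only lands on the NSEC3 class.

```python
import hashlib
import random
from collections import Counter

TTL = 60  # max signature lifetime in seconds, the "1 minute" of the thread


class PriorityOnlineSigner:
    """Toy model of the semi-online signer the mail describes (constructed).

    Existing names form the "priority" class: each (name, answer variant)
    is signed at most once per TTL, so its signing load is bounded by
    names * variants / TTL no matter how fast it is queried.  Non-existent
    names need a fresh NSEC3 denial ("nsec3" class) and cost a signature
    on every query, which is where cache-busting nonce names land.
    """

    def __init__(self, zone_names, ttl=TTL):
        self.zone = set(zone_names)
        self.ttl = ttl
        self.cache = {}               # (name, variant) -> signature expiry time
        self.signatures = Counter()   # class -> signatures actually produced

    def _sign(self, cls, data):
        self.signatures[cls] += 1
        return hashlib.sha256(data.encode()).hexdigest()  # stand-in for an RRSIG

    def query(self, name, variant, now):
        if name in self.zone:
            key = (name, variant)
            if self.cache.get(key, -1) <= now:      # expired or never signed
                self.cache[key] = now + self.ttl
                self._sign("priority", f"{name}/{variant}")
            return "priority"
        self._sign("nsec3", f"nxdomain:{name}")      # fresh denial every time
        return "nsec3"


def simulate(names=10_000, variants=100, seconds=TTL, legit_qps=5_000, attack_qps=1_000):
    """Drive the signer for `seconds`: a legitimate stream over the known names
    plus an attacker sending random nonce names.  Returns signatures/s per class.
    The two random streams are independent, so the attacker never changes which
    priority answers get signed."""
    signer = PriorityOnlineSigner(f"host{i}.example" for i in range(names))
    legit, attack = random.Random(1), random.Random(2)
    for now in range(seconds):
        for _ in range(legit_qps):
            signer.query(f"host{legit.randrange(names)}.example",
                         legit.randrange(variants), now)
        for _ in range(attack_qps):
            signer.query(f"{attack.getrandbits(64):016x}.example", 0, now)
    return {cls: n / seconds for cls, n in signer.signatures.items()}
```

Raising `legit_qps` well past the cap shows the priority class saturating at names * variants / TTL (about 16.7k/s with the thread's numbers) while the nsec3 rate tracks the attacker's query rate one for one.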
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop