there is some evidence to suggest that two factors will drive increasingly large responses. first is signing with multiple algorithms and second is increases in key sizes. in a worst case model, we have to shift to the McEliece cryptosystem, post quantum crypto. for a standard selection of parameters, the public key is 512 kilobits long. for quantum computing, key sizes must be increased by a factor of four due to improvements in information set decoding.

Attacking and defending the *McEliece cryptosystem* <https://www.google.com/url?url=http://scholar.google.com/scholar_url%3Furl%3Dftp://nozdr.ru/biblio/kolxo3/Cs/CsLn/Post-Quantum%252520Cryptography,%2525202%252520conf.,%252520PQCrypto%2525202008(LNCS5299,%252520Springer,%2525202008)(ISBN%2525209783540884026)(239s).pdf%2523page%253D40%26hl%3Den%26sa%3DX%26scisig%3DAAGBfm0XEERxI9tL9IfgPGaNOklLIG0r1Q%26nossl%3D1%26oi%3Dscholarr&rct=j&q=&esrc=s&sa=X&ved=0ahUKEwiD6ue0pbvWAhVY-GMKHeFKBUIQgAMIJygAMAA&usg=AFQjCNHV1StJs0Pom6FVNA77UEgVzinRbw> - Bernstein ....

so, yes, bigger responses should be planned for. Anyone for DNS over BitTorrent? :)

/Wm

On Wed, Sep 20, 2017 at 8:22 PM, Davey Song(宋林健) <ljs...@biigroup.cn> wrote:

> Thank you.
>
> The large DNS response in IPv6 is a real problem. ATR is one option to
> be adopted in authoritative server alone. If someone or party have more
> influence on both resolver and authoritative side (cloud and app provider who
> can choose their own DNS resolution path), Mukund’s proposal to fragment the
> DNS message is a good solution.
> https://tools.ietf.org/html/draft-muks-dns-message-fragments-00
>
> So I do recommend ATR and DNS message fragments should be both considered
> in a tool box for large DNS response issues.
>
> Davey
>
> *From:* DNSOP [mailto:dnsop-boun...@ietf.org] *On Behalf Of *william manning
> *Sent:* September 21, 2017 1:30
> *To:* Davey Song
> *Cc:* dnsop
> *Subject:* Re: [DNSOP] Fwd: I-D Action: draft-song-atr-large-resp-00.txt
>
> i think this is a worthy document for consideration.
>
> /Wm
>
> On Sun, Sep 10, 2017 at 9:29 PM, Davey Song <songlinj...@gmail.com> wrote:
>
> Hi folks,
>
> I just submitted a draft dealing with issue of large DNS response especially
> in IPv6. Comments are welcome.
>
> If chairs think it is in the scope of dnsop wg and encourage us to discuss
> it in this mailing list, I can submit it as a draft listed in dnsop wg.
>
> Davey
>
> ---------- Forwarded message ----------
> From: <internet-dra...@ietf.org>
> Date: 11 September 2017 at 10:13
> Subject: I-D Action: draft-song-atr-large-resp-00.txt
> To: i-d-annou...@ietf.org
>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
>
>         Title           : ATR: Additional Truncated Response for Large DNS Response
>         Author          : Linjian Song
>         Filename        : draft-song-atr-large-resp-00.txt
>         Pages           : 8
>         Date            : 2017-09-10
>
> Abstract:
>    As the increasing use of DNSSEC and IPv6, there are more public
>    evidence and concerns on IPv6 fragmentation issues due to larger DNS
>    payloads over IPv6. This memo introduces a simple improvement on
>    authoritative server by replying additional truncated response just
>    after the normal large response.
>
>    REMOVE BEFORE PUBLICATION: The source of the document with test
>    script is currently placed at GitHub [ATR-Github]. Comments and pull
>    request are welcome.
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-song-atr-large-resp/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-song-atr-large-resp-00
> https://datatracker.ietf.org/doc/html/draft-song-atr-large-resp-00
>
> Please note that it may take a couple of minutes from the time of
> submission until the htmlized version and diff are available at
> tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> _______________________________________________
> I-D-Announce mailing list
> i-d-annou...@ietf.org
> https://www.ietf.org/mailman/listinfo/i-d-announce
> Internet-Draft directories: http://www.ietf.org/shadow.html
> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
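The mechanism in the quoted draft abstract (an additional truncated response sent just after the normal large response), as an added example; it is not the draft's code or its GitHub test script. The 1232-byte threshold, the function names and the sample message are assumptions constructed for illustration, since the thread states none of them.

```python
import struct

# Assumption (the thread names no threshold): largest UDP payload that fits the
# IPv6 minimum MTU unfragmented, 1280 - 40 (IPv6 header) - 8 (UDP header).
ATR_THRESHOLD = 1232
TC_BIT = 0x0200  # truncation flag in the DNS header flags word

def question_end(msg: bytes) -> int:
    """Offset just past the question section of a DNS message."""
    qdcount = struct.unpack_from("!H", msg, 4)[0]
    pos = 12  # fixed-size DNS header
    for _ in range(qdcount):
        while True:
            length = msg[pos]
            if (length & 0xC0) == 0xC0:  # compression pointer ends the name
                pos += 2
                break
            pos += 1 + length
            if length == 0:  # root label ends the name
                break
        pos += 4  # QTYPE + QCLASS
    return pos

def truncated_copy(response: bytes) -> bytes:
    """Same ID, flags and question as the response, TC=1, no records."""
    msg_id, flags, qdcount = struct.unpack_from("!HHH", response, 0)
    header = struct.pack("!HHHHHH", msg_id, flags | TC_BIT, qdcount, 0, 0, 0)
    return header + response[12:question_end(response)]

def atr_datagrams(response: bytes, threshold: int = ATR_THRESHOLD) -> list:
    """UDP payloads in send order: the normal response, then the ATR copy."""
    if len(response) <= threshold:
        return [response]
    return [response, truncated_copy(response)]

def sample_response(rdata_len: int) -> bytes:
    """Constructed input: example.com TXT question plus one padded answer."""
    qname = b"\x07example\x03com\x00"
    question = qname + struct.pack("!HH", 16, 1)  # TXT, IN
    header = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 16, 1, 300, rdata_len)
    return header + question + answer + b"\x00" * rdata_len

if __name__ == "__main__":
    for size in (100, 1500):
        out = atr_datagrams(sample_response(size))
        print(size, [len(d) for d in out])
```

A resolver that never receives the fragmented first datagram still sees the small TC=1 copy and can retry the query over TCP.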