On Tue, Jul 10, 2012 at 12:50 PM, Brian W. <br...@brianwhalen.net> wrote:
> I think tcp is only used for really large transfers,

Really large transfers... like DNSSEC. D'oh.

> which a non malicious user wouldn't need.

Agreed. DNSSEC today is way more useful for malicious users than non-malicious ones because amplification attacks are a reality whereas verifying DNS packets is fantasy. (Also, unfortunately that's not really true; if you have large enough response records you might need TCP transport even without DNSSEC. But at least TCP is more resilient to blind spoofing than UDP is.)