
Re: Q2: crypto algorithm requirements for DNSSEC



"Loomis, Rip" <GILBERT.R.LOOMIS@saic.com> writes:

> I know that leaving DSA as a "must implement" algorithm smacks of
> over-engineering to some folks.  Can anyone provide a convincing
> argument of what the DSA-specific code actually "costs" a developer
> (in terms of size of compiled code or other criteria)?  To me it
> seems minor in the big scheme of things, and I think DSA should be
> left in the "must implement" category.  I can live without it, but
> I just haven't seen a convincing argument to remove it.

I don't think anyone has argued that leaving DSA as a "must implement"
is over-engineering.  I _believe_ that the arguments have been that
specifying that operationally you MUST USE both RSA _AND_ DSA in your
zone is over-engineering.

-derek

-- 
       Derek Atkins
       Computer and Internet Security Consultant
       derek@ihtfp.com             www.ihtfp.com

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>