Re: Q2: crypto algorithm requirements for DNSSEC

[Rob Austein <sra+namedroppers@hactrn.net>]

At 12 Feb 2003 11:49:34 -0500, Derek Atkins wrote:
> 
> "Loomis, Rip" <GILBERT.R.LOOMIS@saic.com> writes:
> 
> > I know that leaving DSA as a "must implement" algorithm smacks of
> > over-engineering to some folks.  Can anyone provide a convincing
> > argument of what the DSA-specific code actually "costs" a developer
> > (in terms of size of compiled code or other criteria)?  To me it
> > seems minor in the big scheme of things, and I think DSA should be
> > left in the "must implement" category.  I can live without it, but
> > I just haven't seen a convincing argument to remove it.
> 
> I don't think anyone has argued that leaving DSA as a "must implement"
> is over-engineering.

Sorry, but I have.

Rip, I don't have numbers for this specific DSA question, but after a
decade in the embedded software market I can tell you that code space
-always- costs for low end devices, it's just economics.

So I have to turn the question around.  Show me that keeping DSA as
manadatory to implement is important, and I can live with it.  But
keeping with no strong reason to believe that it buys us anything is
bad, because code that brings no comprehensible benefit to the
customer has this nasty tendency to be left out of the final product
whether the spec says it's mandatory or not, at which point we have
interoperability problems.

--Rob

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>