Re: Q2: crypto algorithm requirements for DNSSEC

[Jakob Schlyter <jakob@crt.se>]

On Thu, 13 Feb 2003, Miek Gieben wrote:

> > I wouldn't consider the resources used for signing a problem with modern
> > hardware - people sign .com with their desktop machine within reasonable
> > time.
>
> so you're asking a TLD to carry twice the load for an event which is unlikely
> to happen soon?

yes, if we come to the conclusion that we should use two algorithms.

> And further more, we (.nl), have to explain to every domain holder in
> .nl that signing with 2 algorithms is better than signing with 1.

if we cannot explain why to normal people, I'm not sure we should do two
algorithms.


	jakob

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>