
Re: Q2: crypto algorithm requirements for DNSSEC




[On 13 Feb, @13:09, Jakob wrote in "Re: Q2: crypto algorithm requi ..."]
> On Thu, 13 Feb 2003, Jim Reid wrote:
> 
> > Well zone size is one consideration.
> 
> maybe for .de and .com, otherwise I doubt that is a real problem.

true, the size of .nl would be something like 600 MB (with 768-bit keys).
This can be handled.

> > Another would be the extra time and resources needed to sign the same
> > data with different algorithms.
> 
> I wouldn't consider the resources used for signing a problem with modern
> hardware - people sign .com with their desktop machine within reasonable
> time.

so you're asking a TLD to carry twice the load for an event which is unlikely
to happen soon? And furthermore, we (.nl) have to explain to every domain
holder in .nl that signing with 2 algorithms is better than signing with 1.
I think that will be very hard to do and enforce.

grtz Miek



--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>