On Sun, Apr 13, 2014 at 09:16:39AM -0400, Phillip Hallam-Baker wrote:
>
> The nice thing about this is that it means support for the secure DNS
> actually reduces the load on the server. Instead of making at least
> two separate queries (A, AAAA) there is a single query. Since the
> crypto overhead is negligible (it's all symmetric key), this is almost
> certainly a net win as most servers are I/O and transaction bound
> rather than CPU bound.

There's also another factor to consider: Memory use. Specifically, how much memory "sessions" that aren't currently being processed, but which need to be able to be brought to service in 0 RTT, use. I have no idea how DTLS would fare here...

Also, agreed that DTLS is a serious mess (and I think it is going to get even worse).

-Ilari
