On Wed, Dec 05, 2018 at 03:49:53PM +0000, Paul Hoffman wrote:
> > If any of these helped reduce the potential state management problem for
> > DNS authoritative servers, that would be a major benefit IMO.
> 
> It would be good to hear the needs of both sides first. HTTP over TLS
> has proven that it is quite possible to use an online security
> protocol even for lots of short messages. Amortizing the big CPU
> calculations may counterbalance the cost of the state management, or
> it might not.

Nod, HTTPS has demonstrated that TLS can be scalable (even more so in
recent years) and DNS is no different in this respect. This is one
aspect of protocol selection. I also worry about roundtrips in
recursive resolution. If a message security scheme can somehow work as a
stateless request-response protocol where prior state establishment is
not necessary, it can keep the time to respond to queries comparable to
traditional DNS. This was not a problem for stub->resolver transport,
where processing a client request is limited to talking to one peer, and
RTT to a resolver is usually low. resolver->auth is different, since the
transport can be used many times for a single client query.

                Mukund

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy