At 10:25 PM -0400 4/24/09, Joe Abley wrote:
>My point is that given the choice between "doing what is currently considered
>safe" and "exceeding what is currently considered safe by a factor of four
>with no additional cost to you" I think many otherwise uninformed zone
>administrators are conditioned to choose the latter.

...which is a good reason why we give actual numbers in this draft. I don't see where you are going with this. Do you want us to give hard numbers and not justify them so admins won't pick anything else? Or?

>>>On the flip side, how can the "real cost" for validator-operators that you
>>>assert be quantified?
>>
>>Exactly.
>
>So your point is that you don't know how to quantify it?

Correct. How can you know how many other zone admins waste cycles on validator boxes? How can you know how many cycles are being used on those boxes for other things?

>>How will you know? Why not stop when enough is enough?
>
>Because there's no incentive for a zone administrator to choose anything other
>than the largest key her tools let her create. So what is "enough"?

An attack that would cost hundreds of millions of dollars and take longer than your key will be valid. This was covered earlier in this thread.

--Paul Hoffman, Director
--VPN Consortium
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop