On 7 Jul 2026, at 07:02, Ondřej Surý <[email protected]> wrote: > I believe it is dangerous to say "it is ok to deploy PQC algorithms with > large signatures" because we have these optimizations. The fact is > that we either need a PQC algorithm that will be size-suitable for DNS > or we will have to brace for the impact of completely switching to TCP.
I think this idea (Wes' idea) is interesting but I think we are again just moving deckchairs. We could keep bolting on new bracing to prolong the life of UDP transport, or we could just concentrate our efforts on the inevitable widespread option of something better. We have secure, stream-based transport defined and in use between stub and resolver. It doesn't take too much imagination to see those transport protocols being used in other parts of the resolution graph, with port 53 relegated to legacy support for a long tail of clients that will probably never be able to consume a PQC signature. I don't think there is any chance of DNSSEC meeting any of the PQC deadlines we know about. However, PQC is already deployed and in use in TLS. The encrypted transport protocols already defined and in use in the DNS use TLS. We should concentrate our energy on connecting these dots. Joe _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
