On 02. 07. 26 18:32, Wes Hardaker wrote:
The DNS world is a bit behind in thinking about the impact of PQC
algorithms and their impact on DNSSEC. That's not being quite fair, as
there have been a bunch of people doing research and pointing out the
issues are pressing and difficult. But few solutions exist other than
"just use TCP".
So I was thinking about that problem space and how to continue being as
efficient as possible without requiring every connection be over TCP and
every connection always downloading large RRsets. And during thinking
about that, the bad idea fairy paid me a visit. So I wrote down the
whispers from the fairy that entered my ears:
https://datatracker.ietf.org/doc/draft-hardaker-dnsop-nothing-new/
Is this going far enough? Are we _sure_ 64k message limit is going to be
enough? Say 3 NSECs with their RRSIGs put as at 21 k per RRSIG tops.
Anyone got an insight if we better start working on a new message format?
--
Petr Špaček
_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]