Robert Elz writes:
> The data needs to be somehow carried to the key (which cannot be
> exposed anywhere near any network), the signing done, and then the
> data carried back again.   Doing that once a month for most people
> just might be tolerable - once a day and all that will ever exist are
> expired signatures.

How, pray tell, do you expect a large site to sign its DNS records, if
it has access to its signing key only twelve times a year?

This is even worse than ``wait a month for old records to go away.'' It
also means ``wait a month for new records to appear.'' Do you seriously
believe that administrators and users will tolerate this?

---Dan
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
