On Tue, 3 Aug 2010 17:49:00 +0200 Eugen Leitl <[email protected]> wrote:
> Encryption is cheap enough (especially if you cache keys from
> previous sessions). Why not encrypt everything?

I'm not sure it is actually cheap enough in all cases. Imagine the state explosion problem that DNS root servers would face, for example, in providing pairwise cryptographic sessions for all queries, especially in a situation where for the most part one only wants to get a response that is authenticated but which is not per se secret.

Also, as a practical matter, we don't really have protocol infrastructure for encrypting absolutely everything at this point. There is, for example, no protocol by which anonymous DNS queries could be easily encrypted.

-- 
Perry E. Metzger [email protected]

---------------------------------------------------------------------
The Cryptography Mailing List
