On 6/15/25 02:35, Stephen Farrell wrote:
> On 12/06/2025 20:36, Hollenbeck, Scott wrote:
>> Earlier today I added text describing Verisign's RFC 9539 Experiment
>> to GitHub:
>> https://github.com/ietf-wg-dprive/9539-data/blob/main/Verisign's%20RFC%209539%20Experiment
>
> Thanks for posting that summary.
>
> I do wonder though how much weight ought to be attached to experiments
> unless those can be replicated, so have you considered posting more
> detail so that others (other TLD operators for example) could try to
> do commensurate experiments? Without the ability to replicate an
> experiment, it's hard to evaluate anything.
>
> Thanks,
> S.
>
> PS: Having said that, encrypted DNS to a large TLD operator poses
> obviously hard problems, so I'm not expecting confirmatory studies
> could show hugely different results, but if we want to experiment
> in a scientific manner, the ability to replicate is crucial.
>
> PPS: Apologies if I missed where there's more information about the
> experiment somewhere else, which is entirely possible;-)
I don't have the experimental setup at hand, but I can share some historical
information.

We have done our own experiments internally in the lab. Indeed,
non-cooperating clients which do TLS handshakes without session
resumption (no connection reuse) can hurt performance big time.

These experiments were conducted using GnuTLS and OpenSSL available
around February 2022, but I don't expect significant changes. CPU
profiling at the time showed that ~30% of the time was spent in OpenSSL
functions named 'x25519_*', so even if everything else went to zero
(unrealistic) it would still hurt.
--
Petr Špaček
Internet Systems Consortium
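The cost Petr describes comes from a client paying a full TLS handshake for every query instead of reusing a session or a connection. The Go program below is an added example, not code from ISC, Verisign or anyone on this thread: it starts a throwaway TLS echo server on loopback (standing in for a DNS-over-TLS server, with a constructed one-byte query in place of real DNS), pins X25519 as the key exchange so the handshake work is the kind the profile above points at, and counts handshakes for three client behaviours: a new connection per query with no session cache (the non-cooperating client), a new connection per query with a session cache, and one connection reused for all queries. It uses only Go's standard library; the names HandshakeStats, runClient and Demo, the self-signed certificate and the echo protocol are all assumptions made for this demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

// HandshakeStats counts what n queries cost a client; Handshakes-Resumed is the number of full handshakes.
type HandshakeStats struct{ Queries, Handshakes, Resumed int }

func check(err error) {
	if err != nil {
		panic(err) // this is a demo: any setup or I/O failure simply aborts it
	}
}

// selfSignedCert builds a throwaway P-256 certificate for 127.0.0.1 (constructed for this demo).
func selfSignedCert() (tls.Certificate, *x509.CertPool) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), BasicConstraintsValid: true, IsCA: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), IPAddresses: []net.IP{net.ParseIP("127.0.0.1")}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	check(err)
	leaf, _ := x509.ParseCertificate(der) // cannot fail: the DER was produced just above
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, pool
}

// startServer listens on loopback and echoes each client's bytes back until it hangs up (X25519 pinned to match the profile above).
func startServer(cert tls.Certificate) net.Listener {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{cert},
		CurvePreferences: []tls.CurveID{tls.X25519}})
	check(err)
	go func() {
		for {
			conn, err := ln.Accept()
			if err != nil {
				return // listener closed
			}
			io.Copy(conn, conn) // the first Read performs the TLS handshake; then echo until EOF
			conn.Close()
		}
	}()
	return ln
}

// runClient sends n one-byte queries; connPerQuery dials a new TLS connection per query (the non-cooperating client), cache == nil also disables resumption.
func runClient(addr string, pool *x509.CertPool, cache tls.ClientSessionCache, n int, connPerQuery bool) HandshakeStats {
	cfg := &tls.Config{RootCAs: pool, CurvePreferences: []tls.CurveID{tls.X25519}, ClientSessionCache: cache}
	var st HandshakeStats
	var conn *tls.Conn
	var err error
	for i := 0; i < n; i++ {
		if conn == nil {
			conn, err = tls.Dial("tcp", addr, cfg) // Dial completes the handshake
			check(err)
			st.Handshakes++
			if conn.ConnectionState().DidResume {
				st.Resumed++
			}
		}
		_, err = conn.Write([]byte{'?'})
		check(err)
		_, err = io.ReadFull(conn, make([]byte, 1)) // also consumes the server's NewSessionTicket, which enables the next resumption
		check(err)
		st.Queries++
		if connPerQuery || i == n-1 { // the non-cooperating client tears down after every query
			conn.Close()
			conn = nil
		}
	}
	return st
}

// Demo runs the three client behaviours with n queries each against a fresh server.
func Demo(n int) (noCache, withCache, reuse HandshakeStats) {
	cert, pool := selfSignedCert()
	ln := startServer(cert)
	defer ln.Close()
	noCache = runClient(ln.Addr().String(), pool, nil, n, true)
	withCache = runClient(ln.Addr().String(), pool, tls.NewLRUClientSessionCache(8), n, true)
	reuse = runClient(ln.Addr().String(), pool, nil, n, false)
	return
}

func main() {
	a, b, c := Demo(50)
	fmt.Printf("new conn, no resumption: %+v\nnew conn, resumption: %+v\none reused conn: %+v\n", a, b, c)
}
```

The counts show where the work lands: only the first strategy pays certificate transmission, signature and chain verification on every query, the second pays it once and resumes afterwards, and the third handshakes once in total. One caveat worth keeping in mind when reading Petr's x25519 figure: Go's TLS 1.3 stack only implements the psk_dhe_ke resumption mode, so a resumed handshake still performs an X25519 exchange on both sides. Resumption removes the certificate and signature work; it is connection reuse that removes the key exchange. To measure time rather than counts, wrap each runClient call in time.Now and time.Since.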