David,
On Aug 19, 2008, at 9:09 AM, David Ulevitch wrote:
which you could have argue against 10 years ago but not now.
It's such a shame that computer processing technology for doing
stuff like cryptography hasn't advanced in 10 years.
Unfortunately, the Internet has grown in 10 years, too.
Indeed it has. However, I gather Masataka is concerned about (D)DoS
against caching servers due to the increased workload of validating
cryptographic signatures. If the caching server is moved down closer
to the end node, the fact that the Internet has grown becomes
irrelevant since the validation load is being spread across many
machines.
Do you want to fund my costs of supporting (and encouraging my
clients to use) DNSSEC?
I don't use your service. If your customers feel there is value in
what DNSSEC can provide, they'll presumably pay you for DNSSEC
functionality and if you don't have it, they'll find some other way of
meeting their needs. Of course, the decision is yours as to whether
and/or at what point in time you want to take the risk/cost of adding
DNSSEC functionality to your service.
Regards,
-drc
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop