Paul,

On Apr 3, 2014, at 12:38 AM, Paul Wouters <p...@nohats.ca> wrote:
>>> Saving space and time does matter. Roughly half the operators I studied
>>> would include a backup key on-line because “they could” with the shorter
>>> length. And performance does matter - ask the web browser people.
> Because we want to make security decisions based on a 1ms latency browser war?

We want to make security decisions that actually improve security. Making a decision that results in people turning security off because the (perceived at least) performance impact is too large does not improve security. People are already doing insanely stupid things (e.g., not following TTLs) because they eke out a couple of extra milliseconds in reduced RTT per query (which, multiplied by the zillions of queries today's high content websites require, does actually make a difference).

Having not looked into it sufficiently, I do not have a strong opinion as to whether increasing key lengths will result in people either not signing or turning off validation, but I believe it wrong to disregard performance considerations.

Regards,
-drc
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop