To:
"D. J. Bernstein" <djb@cr.yp.to>
Cc:
ngtrans@sunroof.eng.sun.com, namedroppers@ops.ietf.org, ipng@sunroof.eng.sun.com, dnsop@cafax.se
From:
Matt Crawford <crawdad@fnal.gov>
Date:
Fri, 20 Jul 2001 11:59:48 -0500
In-reply-to:
"20 Jul 2001 05:46:49 PDT." <E15NZg9-0006W0-00@psg.com>
Sender:
crawdad@gungnir.fnal.gov
Subject:
Re: NGtrans - DNSext joint meeting, call for participation
> 2. There's a common error in the evaluation of DNSSEC signing costs. I'd > like to draw attention to a new section that I've added to my web page > to analyze this error: http://cr.yp.to/djbdns/killa6.html#signingcosts Your reasoning is markedly incorrect if applied to A6. If we take site renumbering to be the dominant factor controlling signature-validity times, then the signatures on the A6 records covering interface identifiers and subnets can be valid for a long time, and only one or a small number of A6 rrsets covering the global prefixes needs to be re-signed frequently. > 3. I don't understand why this is an ngtrans issue rather than an ipngwg > issue. The question is not how to move smoothly to A6/DNAME; the > question is whether we want A6/DNAME at all. On this we agree.