To:
Matt Crawford <crawdad@fnal.gov>
Cc:
"D. J. Bernstein" <djb@cr.yp.to>, ngtrans@sunroof.eng.sun.com, namedroppers@ops.ietf.org, ipng@sunroof.eng.sun.com, dnsop@cafax.se
From:
itojun@iijlab.net
Date:
Sat, 21 Jul 2001 02:18:45 +0900
In-reply-to:
crawdad's message of Fri, 20 Jul 2001 11:59:48 EST. <200107201659.f6KGxmF10588@gungnir.fnal.gov>
Sender:
itojun@itojun.org
Subject:
Re: NGtrans - DNSext joint meeting, call for participation
>> 2. There's a common error in the evaluation of DNSSEC signing costs. I'd >> like to draw attention to a new section that I've added to my web page >> to analyze this error: http://cr.yp.to/djbdns/killa6.html#signingcosts >Your reasoning is markedly incorrect if applied to A6. If we take >site renumbering to be the dominant factor controlling >signature-validity times, then the signatures on the A6 records from what I got from reading djb's webpage, djb's point is that the dominant factor controlling signature-validity time is security, and for that reason he claims it needs to be very short (so there's no real difference in signing overhead for AAAA or A6). so the assumption for the "dominant factor" is totally different between you two. i'm still not sure if djb's claim is right or not, but anyway that's what i got from his note. itojun