

To: ngtrans@sunroof.eng.sun.com, namedroppers@ops.ietf.org, ipng@sunroof.eng.sun.com, dnsop@cafax.se
From: "D. J. Bernstein" <djb@cr.yp.to>
Date: 21 Jul 2001 04:14:22 -0000
Automatic-Legal-Notices: Copyright 2001, D. J. Bernstein. My transmission of this message to you does not constitute a copyright waiver or any other limitation of my rights, even if you have told me otherwise.
Content-Disposition: inline
Subject: Re: NGtrans - DNSext joint meeting, call for participation

Matt Crawford writes:
> So if it's all right for your
> interface ID and/or subnet information to persist for a month, but
> you want to be able to change your global prefix(es) on a day's
> notice, you get a 30-to-1 work savings on almost all of your RRsets.

No. Under your one-month assumption, all records will be signed at least
once a month, to eliminate the expiration-date security problem. The
extra signings for renumbering happen only when renumbering happens.

If we have 10000 30-day-notice MAC addresses with a 1-day-notice prefix,
for example, and we have three renumberings over the next twenty years,
the difference between AAAA and A6 is the difference between 2465000
signings and 2442305 signings. Where's the 30-to-1 savings?

Put differently: You've been saying that it's painfully expensive to
sign every record. But now you're admitting that this has to be done at
least a dozen times every year!

Of course, the other serious problem with your argument is that your
one-month assumption is wrong. It is _not_ acceptable for information to
persist for a month. I addressed this in my previous message, and in my
``Extremely long TTLs'' message six months ago. I'm not sure why you've
waited six months to state your disagreement.

---Dan
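As an added illustration (not part of Dan's message), the following script reconstructs the two signing totals quoted above. The assumptions in its docstring are mine; they are the ones under which the message's figures come out exactly.

```python
"""Reconstruct the AAAA-vs-A6 signing counts from the message above.

Assumed model (inferred, not stated in the message): twenty years is
7305 days; a record on a 30-day signing schedule is signed 7305/30 =
243.5 times; with AAAA every host record embeds the full address, so a
renumbering forces a fresh signature on all of them; with A6 the host
records hold only the interface ID and a single prefix record on a
1-day schedule is signed once per day, so a renumbering costs no
signing beyond the daily one already being made.
"""

HOSTS = 10000            # address records, one per 30-day-notice MAC address
DAYS = 20 * 365.25       # twenty years in days (7305.0)
HOST_PERIOD_DAYS = 30    # validity window of a host record's signature
PREFIX_PERIOD_DAYS = 1   # validity window of the A6 prefix record's signature
RENUMBERINGS = 3         # global-prefix changes over the twenty years


def routine_signings(period_days: float, days: float = DAYS) -> float:
    """Signings needed to keep one record continuously valid."""
    return days / period_days


def aaaa_signings(hosts: int = HOSTS, renumberings: int = RENUMBERINGS) -> int:
    """AAAA: routine re-signing of every host record plus a full re-sign
    of all host records at each renumbering."""
    routine = hosts * routine_signings(HOST_PERIOD_DAYS)
    return round(routine + renumberings * hosts)


def a6_signings(hosts: int = HOSTS) -> int:
    """A6: routine re-signing of every host record plus the daily signing
    of the one prefix record; renumbering adds nothing on top of that."""
    routine = hosts * routine_signings(HOST_PERIOD_DAYS)
    prefix = routine_signings(PREFIX_PERIOD_DAYS)
    return round(routine + prefix)


def a6_share_of_aaaa() -> float:
    """A6 signings as a fraction of AAAA signings; a true 30-to-1 saving
    would put this near 1/30, not near 1."""
    return a6_signings() / aaaa_signings()


if __name__ == "__main__":
    print("AAAA:", aaaa_signings())          # 2465000
    print("A6:  ", a6_signings())            # 2442305
    print("A6/AAAA: %.4f" % a6_share_of_aaaa())
```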
