the technical relevance of EV is pretty limited. For example, you can cross script between DV&EV.
NSEC/NSEC3 also require O(logN) tree lookups. O(1) hash is possible without.
-
-
Bottom line: DNSSEC does make DNS DDOS mitigation much harder.
-
Don’t get me wrong: DNSSEC DDOS is a problem! Just not biggest DNSSEC problem.
- 3 more replies
New conversation -
-
-
online nsec3 is nice.
-
1/ online signing is much more expensive than an O(1) lookup so point is moot
- 3 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.