looks like that changeover is in a month. Whereas you're scheduled to deliver an alternative never
Replying to @dakami @WatsonLadd and
Correct, because no alternative is needed; the effort is harmful.
1 reply 0 retweets 1 like -
Need I point out that long DNS responses are hellfire missiles of DDOS?
1 reply 0 retweets 2 likes -
Replying to @WatsonLadd @dakami and
That’s true, but really, all of DNS is that (for instance, ANY queries.)
1 reply 0 retweets 0 likes -
Replying to @tqbf @WatsonLadd and
ANY/MX/SRV/NS queries are for non-interactive lookups, can force TCP without user impact.
2 replies 0 retweets 1 like -
NSEC/NSEC3 also require O(logN) tree lookups. O(1) hash is possible without.
2 replies 0 retweets 0 likes -
online nsec3 is nice.
1 reply 0 retweets 0 likes -
1/ online signing is much more expensive than an O(1) lookup so point is moot
2 replies 0 retweets 0 likes -
2/ offline key is literally the only crypto advantage DNSSEC has - and you throw it away?
2 replies 0 retweets 0 likes -
DNSSEC needs to have offline for root and com, not universally. Engineering tradeoffs.
1 reply 0 retweets 0 likes
leaf node keys are the most valuable, roots the least. Trade off is backwards.