Comment by indolering
4 hours ago
True, but DNSSEC doesn't need to worry about forward secrecy and it doesn't need quantum protection until someone can start breaking keys in under a year. Hopefully we will find more efficient PQC by then.
4 hours ago
True, but DNSSEC doesn't need to worry about forward secrecy and it doesn't need quantum protection until someone can start breaking keys in under a year. Hopefully we will find more efficient PQC by then.
People tried to move DNSSEC from RSA to ECC more than a decade ago. How'd that migration go? If you like, I can give you APNIC's answer.
RSA is still fine given that you can't break it in a year and we aren't worried about forward secrecy.
Also, I worked for a DNS company. People stopped caring about ulta-low latency first connect times back in the 90s.
You are clearly very proud of your work devaluing DNSSEC. But pointing to lack of adoption doesn't make your arguments valid.
> People stopped caring about ulta-low latency first connect times back in the 90s.
They did? That's certainly going to be news to the people at Google, Mozilla, Cloudflare, etc. who put enormous amounts of effort into building 0-RTT into TLS 1.3 and QUIC.
11 replies →
I don't know about "valid". "Correct", maybe? "Prescient"?