Re: [dnsext] we need help to make names the same, was draft-yao-dnsext-identical-resolution-02 comment

Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp> Wed, 23 February 2011 23:36 UTC

Return-Path: <mohta@necom830.hpcl.titech.ac.jp>
X-Original-To: dnsext@core3.amsl.com
Delivered-To: dnsext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4706E3A694E for <dnsext@core3.amsl.com>; Wed, 23 Feb 2011 15:36:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.096
X-Spam-Level:
X-Spam-Status: No, score=-0.096 tagged_above=-999 required=5 tests=[AWL=-0.006, BAYES_00=-2.599, HELO_EQ_JP=1.244, HOST_EQ_JP=1.265]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2Cx6Cwu77luW for <dnsext@core3.amsl.com>; Wed, 23 Feb 2011 15:36:12 -0800 (PST)
Received: from necom830.hpcl.titech.ac.jp (necom830.hpcl.titech.ac.jp [131.112.32.132]) by core3.amsl.com (Postfix) with SMTP id 0EB463A692C for <dnsext@ietf.org>; Wed, 23 Feb 2011 15:36:11 -0800 (PST)
Received: (qmail 35614 invoked from network); 23 Feb 2011 23:49:08 -0000
Received: from necom830.hpcl.titech.ac.jp (HELO ?127.0.0.1?) (131.112.32.132) by necom830.hpcl.titech.ac.jp with SMTP; 23 Feb 2011 23:49:08 -0000
Message-ID: <4D6599DF.70607@necom830.hpcl.titech.ac.jp>
Date: Thu, 24 Feb 2011 08:35:59 +0900
From: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.9.2.13) Gecko/20101207 Thunderbird/3.1.7
MIME-Version: 1.0
To: Nicholas Weaver <nweaver@ICSI.Berkeley.EDU>
References: <20110216165921.GW96213@shinkuro.com> <3B90ED2E-980D-4B01-889F-447D66D0B58D@insensate.co.uk> <20110216174011.GZ96213@shinkuro.com> <20110218143653.GC84482@bikeshed.isc.org> <20110218151209.GF66684@shinkuro.com> <4D5EEE09.4080405@dougbarton.us> <20110218222950.GL74065@shinkuro.com> <4D5F270F.20401@abenaki.wabanaki.net> <199C7B2B4228461FB024E59A990DB46D@ics.forth.gr> <4D641DB6.4090705@necom830.hpcl.titech.ac.jp> <20110222205617.GS53815@shinkuro.com> <4D64489B.7020901@necom830.hpcl.titech.ac.jp> <713D992A-1DB9-4F72-9D18-8E923AD51D8D@icsi.berkeley.edu> <4D647551.5060602@necom830.hpcl.titech.ac.jp> <A0895032-7141-4289-8C38-D8A4D287A9E9@ICSI.Berkeley.EDU> <4D649C0B.40905@necom830.hpcl.titech.ac.jp> <24BA1B5B-5FA3-4A94-8174-B82066702D57@ICSI.Berkeley.EDU>
In-Reply-To: <24BA1B5B-5FA3-4A94-8174-B82066702D57@ICSI.Berkeley.EDU>
Content-Type: text/plain; charset="ISO-2022-JP"
Content-Transfer-Encoding: 7bit
Cc: dnsext@ietf.org
Subject: Re: [dnsext] we need help to make names the same, was draft-yao-dnsext-identical-resolution-02 comment
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Feb 2011 23:36:13 -0000

Nicholas Weaver wrote:

>> Considering the following statement in RFC5507 (April 2009):
>>
>>    DNS queries over TCP are not subject
>>    to this length limitation, but TCP imposes significantly higher per-
>>    query overhead on name servers than UDP.
>>
>> dynamic generation is not feasible at all.

> That is a statement in the RFC I find a bit of a red herring:
> I personally find that the DNS community's fear of
> computation made sense 15 years ago,

I gave you a reference.

> but we are in
> the days where 1U servers are massively powerful (8+
> core 1U servers are reasonable) and, more importantly,
> we understand how to make huge cluster servers that can
> RELIABLY scale to entire data centers.

We know how RSA-768 was attacked.

>> If it were vastly harder we should be using 520b key, if 512b
>> key was good enough 15 years ago.
>
> No, we should have ALWAYS been using 2048B RSA keys and 256B
> symmetric keys and 512B hashes.

The reality is that they changed, even though there was no progress
on integer factorization algorithm since 1996.

						Masataka Ohta