Re: [dnsext] we need help to make names the same, was draft-yao-dnsext-identical-resolution-02 comment

Tony Finch <dot@dotat.at> Wed, 23 February 2011 10:37 UTC

Return-Path: <dnsext-bounces@ietf.org>
X-Original-To: namedroppers-archive-gleetwall6@lists.ietf.org
Delivered-To: ietfarch-namedroppers-archive-gleetwall6@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3E45E3A6A00; Wed, 23 Feb 2011 02:37:29 -0800 (PST)
X-Original-To: dnsext@core3.amsl.com
Delivered-To: dnsext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 472763A69FE for <dnsext@core3.amsl.com>; Wed, 23 Feb 2011 02:37:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.313
X-Spam-Level:
X-Spam-Status: No, score=-6.313 tagged_above=-999 required=5 tests=[AWL=0.286, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YH97vTAdXs8G for <dnsext@core3.amsl.com>; Wed, 23 Feb 2011 02:37:26 -0800 (PST)
Received: from ppsw-51.csi.cam.ac.uk (ppsw-51.csi.cam.ac.uk [131.111.8.151]) by core3.amsl.com (Postfix) with ESMTP id 126CB3A69FC for <dnsext@ietf.org>; Wed, 23 Feb 2011 02:37:26 -0800 (PST)
X-Cam-AntiVirus: no malware found
X-Cam-SpamDetails: not scanned
X-Cam-ScannerInfo: http://www.cam.ac.uk/cs/email/scanner/
Received: from hermes-1.csi.cam.ac.uk ([131.111.8.51]:56518) by ppsw-51.csi.cam.ac.uk (smtp.hermes.cam.ac.uk [131.111.8.158]:25) with esmtpa (EXTERNAL:fanf2) id 1PsC6j-0003Ci-We (Exim 4.72) (return-path <fanf2@hermes.cam.ac.uk>); Wed, 23 Feb 2011 10:38:09 +0000
Received: from fanf2 (helo=localhost) by hermes-1.csi.cam.ac.uk (hermes.cam.ac.uk) with local-esmtp id 1PsC6j-0002oW-3U (Exim 4.67) (return-path <fanf2@hermes.cam.ac.uk>); Wed, 23 Feb 2011 10:38:09 +0000
Date: Wed, 23 Feb 2011 10:38:09 +0000
From: Tony Finch <dot@dotat.at>
X-X-Sender: fanf2@hermes-1.csi.cam.ac.uk
To: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
In-Reply-To: <alpine.LSU.2.00.1102231030480.27602@hermes-1.csi.cam.ac.uk>
Message-ID: <alpine.LSU.2.00.1102231037250.27602@hermes-1.csi.cam.ac.uk>
References: <20110216165921.GW96213@shinkuro.com> <3B90ED2E-980D-4B01-889F-447D66D0B58D@insensate.co.uk> <20110216174011.GZ96213@shinkuro.com> <20110218143653.GC84482@bikeshed.isc.org> <20110218151209.GF66684@shinkuro.com> <4D5EEE09.4080405@dougbarton.us> <20110218222950.GL74065@shinkuro.com> <4D5F270F.20401@abenaki.wabanaki.net> <199C7B2B4228461FB024E59A990DB46D@ics.forth.gr> <4D641DB6.4090705@necom830.hpcl.titech.ac.jp> <20110222205617.GS53815@shinkuro.com> <4D64489B.7020901@necom830.hpcl.titech.ac.jp> <713D992A-1DB9-4F72-9D18-8E923AD51D8D@icsi.berkeley.edu> <4D647551.5060602@necom830.hpcl.titech.ac.jp> <alpine.LSU.2.00.1102231030480.27602@hermes-1.csi.cam.ac.uk>
User-Agent: Alpine 2.00 (LSU 1167 2008-08-23)
MIME-Version: 1.0
Cc: dnsext@ietf.org
Subject: Re: [dnsext] we need help to make names the same, was draft-yao-dnsext-identical-resolution-02 comment
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: dnsext-bounces@ietf.org
Errors-To: dnsext-bounces@ietf.org

On Wed, 23 Feb 2011, Tony Finch wrote:
> On Wed, 23 Feb 2011, Masataka Ohta wrote:
> > Nicholas Weaver wrote:
> >
> > > OR use DNSSEC but sign data dynamically.
> > >
> > > 10 years ago, online signatures may have been questionable
> > > computationally.  Today, online signatures are near-trivial
> > > computationally.
> >
> > Any reference?
>
> PowerDNSSEC is designed for online signing, though its author doesn't
> recommend this mode for heavily loaded servers:
>
> http://doc.powerdns.com/powerdnssec.html
> http://doc.powerdns.com/dnssec-performance.html

And Dan Kaminsky's Phreebird DNSSEC reverse proxy does too:
http://dankaminsky.com/phreebird/

Tony.
-- 
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/
Fisher, German Bight: Southeasterly 5 to 7, occasionally gale 8 in Fisher.
Moderate or rough. Rain or snow. Moderate, occasionally poor, light icing.
_______________________________________________
dnsext mailing list
dnsext@ietf.org
https://www.ietf.org/mailman/listinfo/dnsext