[Cryptography] Certificates and PKI

Paul Wouters paul at cypherpunks.ca
Sun Dec 28 14:42:19 EST 2014

On Sun, 28 Dec 2014, Viktor Dukhovni wrote:

>> As someone told me offline, qname minimalization actually solves this
>> problem.
> This had occured to me, but there are some issues:
>    * With "_<port>._<proto>.mxhost.example.com" one might
>      now need to make 5 queries instead of 3, unless there
>      is way to "tune" minimization.  I am concerned about the
>      impact on latency.
>    * Validating stub resolvers would need to retrieve each
>      of the relevant intermediate nodes, increasing the number of
>      messages sent to the recursive resolver.

edns-query-chain and persistent TCP connections to resolvers.

>    * This still might not address denial of existence "spam".

That is a continued concern for every system publishing something :/


More information about the cryptography mailing list