[Cryptography] Certificates and PKI
Paul Wouters
paul at cypherpunks.ca
Sun Dec 28 14:42:19 EST 2014

On Sun, 28 Dec 2014, Viktor Dukhovni wrote:

>> As someone told me offline, qname minimalization actually solves this
>> problem.
>
> This had occurred to me, but there are some issues:
>
> * With "_<port>._<proto>.mxhost.example.com" one might
> now need to make 5 queries instead of 3, unless there
> is a way to "tune" minimization. I am concerned about the
> impact on latency.
>
> * Validating stub resolvers would need to retrieve each
> of the relevant intermediate nodes, increasing the number of
> messages sent to the recursive resolver.

edns-query-chain and persistent TCP connections to resolvers.

> * This still might not address denial of existence "spam".

That is a continued concern for every system publishing something :/

Paul
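
Added example, not part of the original message: a small model of the "5 queries instead of 3" count discussed in the thread, comparing a cold-cache iterative walk with and without strict one-label-at-a-time qname minimisation. The zone cuts, port 25 and all function names are constructed for illustration.

```python
# Added illustration; the zone cuts and port 25 are constructed, not real DNS data.
ZONE_CUTS = {"com", "example.com"}          # delegations below the root (assumed)
QNAME = "_25._tcp.mxhost.example.com"       # "_<port>._<proto>" name, port assumed

def ancestors(qname):
    """Suffixes of qname from the TLD down to the full name."""
    parts = qname.rstrip(".").split(".")
    return [".".join(parts[i:]) for i in range(len(parts) - 1, -1, -1)]

def full_qname_walk(qname, zone_cuts):
    """Classic iteration: every server on the delegation path sees the full name."""
    path = ["."] + [a for a in ancestors(qname) if a in zone_cuts]
    return [(zone, qname) for zone in path]

def minimised_walk(qname, zone_cuts):
    """Strict minimisation: reveal one more label per query to the current zone."""
    zone, queries = ".", []
    for name in ancestors(qname):
        queries.append((zone, name))
        if name in zone_cuts:      # referral: continue at the child zone's servers
            zone = name
    return queries

def exposure(queries):
    """Map each zone to the query names its servers get to see."""
    seen = {}
    for zone, name in queries:
        seen.setdefault(zone, []).append(name)
    return seen

if __name__ == "__main__":
    for label, walk in (("full", full_qname_walk), ("minimised", minimised_walk)):
        q = walk(QNAME, ZONE_CUTS)
        print(f"{label}: {len(q)} queries")
        for zone, names in exposure(q).items():
            print(f"  {zone} sees {names}")
```

The two extra queries in the minimised walk both go to the example.com servers, for mxhost.example.com and the _tcp node beneath it, neither of which is a zone cut in this constructed setup.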