[dnssec-deployment] [regarding crypto issues on DNSSEC]
Lutz Donnerhacke
lutz at iks-jena.de
Mon Apr 6 06:24:58 EDT 2009
* Dmitry Burkov wrote:
> What do you want to prove?
I wonder how so much signed zones exist while signing is not allowed in the
first place.
> That someone experiments in Russia - but it is true.
Of course. DNSSEC is mostly an experiment everywhere.
> You missed a lot of zones signed in such manner - as I know 50 times more.
Would you please send me the list? I do have limited capabilites in
determining signed zones.
> I can even add more info as they had internal testbed with signing whole
> zone (~2mln) to estimate sizing and performance issues.
As long as those zones appear signed in the wild, it would be great to now.
> Because it was done by one of registrars to estimate potential
> customer's needs too.
> It is their own decision to experiment in such way.
Thank you for clarification.
More information about the Dnssec-deployment
mailing list