Date: 23 Nov 2002 17:28:16 -0000 Message-ID: <20021123172816.71385.qmail@cr.yp.to> Automatic-Legal-Notices: See http://cr.yp.to/mailcopyright.html. From: "D. J. Bernstein" To: namedroppers@ops.ietf.org Subject: Re: DNS Server DoS Attacks References: <20021123061646.22603.qmail@cr.yp.to> <86155.1038061806@shell.nominum.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline PGP 2048-bit ElGamal signatures are probably the best choice for root-zone distribution today: the signature format is reasonably simple and reasonably well documented, and free signature-checking software is already widely deployed. Of course, the root-zone protocol can support multiple signatures on the same file. Jim Reid writes: > I can't believe you just said that. Does this mean you have recanted > on your previous strident objections to DNSSEC? :-) Have you stopped beating your wife, Jim? Anyone who wants to see what I've actually said about DNSSEC should read http://cr.yp.to/djbdns/forgery.html. ---D. J. Bernstein, Associate Professor, Department of Mathematics, Statistics, and Computer Science, University of Illinois at Chicago