by KirillPanov 971 days ago
> four 2048 bit RSA-SHA-2 signatures in 1049 bytes which is well within the EDNS MTU for unfragmented UDP

I was referring to the non-EDNS 512-byte limit.

Yes, you get ~2.5 times more with EDNS. Still, four records is not a lot.

> DNS needs TCP even in the absence of DNSSEC, because there are queries you cannot resolve without it.

Theoretically? Perhaps. Some would argue that connectionless DNS is valuable enough that people should not create those resource records. Before DNSSEC that was a working consensus. And with ECC it could be once again.

That's the opposite of the direction Internet cryptography is going, given hybrid PQC and classical systems.
The bloaty key/signature size is only a problem with the PQ encryption systems.

For signing only there are much more efficient PQ cryptosystems, with signatures around the same size as ECC. If DNSSEC ever adopts PQC it will be one of those systems.

Here are two of the earliest, and easiest to understand. There are much better ones now.

https://en.wikipedia.org/wiki/Lamport_signature#Short_keys_a...

https://en.wikipedia.org/wiki/Merkle_signature_scheme
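An added example, not part of the thread: a minimal Lamport one-time signature over SHA-256 (the first scheme linked above), with helpers that report how its signature and public-key sizes compare with the 512-byte non-EDNS limit discussed earlier, and why a key must never sign twice. Function names are my own.

```python
import hashlib
import secrets

HASH = hashlib.sha256
N = HASH().digest_size   # 32 bytes per secret / hash
BITS = N * 8             # 256 digest bits, one key pair per bit

def keygen():
    """One-time key: two random secrets per digest bit; public key is their hashes."""
    sk = [[secrets.token_bytes(N) for _ in range(2)] for _ in range(BITS)]
    pk = [[HASH(s).digest() for s in pair] for pair in sk]
    return sk, pk

def _digest_bits(msg):
    d = int.from_bytes(HASH(msg).digest(), "big")
    return [(d >> (BITS - 1 - i)) & 1 for i in range(BITS)]

def sign(sk, msg):
    """Reveal, for each digest bit, the secret matching that bit's value."""
    return [sk[i][b] for i, b in enumerate(_digest_bits(msg))]

def verify(pk, msg, sig):
    """Hash each revealed secret and compare with the matching public value."""
    if len(sig) != BITS:
        return False
    return all(HASH(s).digest() == pk[i][b]
               for i, (s, b) in enumerate(zip(sig, _digest_bits(msg))))

def signature_size(sig):
    return sum(len(s) for s in sig)       # 256 * 32 = 8192 bytes

def public_key_size(pk):
    return sum(len(h) for pair in pk for h in pair)   # 512 * 32 = 16384 bytes

def exposed_fraction(sk, sigs):
    """Share of the private key an observer learns from the given signatures.
    One signature already reveals half of it, which is why the key is one-time."""
    revealed = {s for sig in sigs for s in sig}
    total = sum(len(pair) for pair in sk)
    return len(revealed) / total

if __name__ == "__main__":
    sk, pk = keygen()
    sig = sign(sk, b"example.org. IN A 192.0.2.1")   # constructed sample message
    print(verify(pk, b"example.org. IN A 192.0.2.1", sig), signature_size(sig))
```

A single signature here is 8192 bytes, sixteen times the 512-byte limit, which is why Merkle trees and the newer hash-based schemes matter for a record-size-constrained protocol.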