2024.02.15 18:17:54 (Mastodon 111936869110268802, Twitter 1758193945249742951) from Daniel J. Bernstein:
2009: "Not covered in this talk: other types of DoS attacks. e.g. DNSSEC advertising says zero server-CPU-time cost. How much server CPU time can we actually consume?" https://cr.yp.to/talks.html#2009.08.10 Also posed the question in some later talks. Most recent answer: https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf