>
> In my previous post, I was suggesting to *not* include the proof in the
> request, because the payer can download it independently. Only the final
> signature is needed. What makes DNSSEC interesting is not the size of
> the proof, but rather the fact that you can request it easily, and in a
> canonical way.
>

Yes, but you still need the final signature. Is it possible to use an EC
signature with DNSSEC? I thought it was an all-RSA system. If I'm wrong
about that, and all you need is 32 bytes, then my argument does not hold.