DNS hardening, was Re: Dan Kaminsky

John R. Levine johnl at iecc.com
Wed Aug 5 14:07:30 CDT 2009


>> 5 is 'edns ping', but it was effectively blocked because people
>> thought DNSSEC would be easier to do, or demanded that EDNS PING
>> (http://edns-ping.org) would offer everything that DNSSEC offered.
>
> 	I'm surprised you failed to mention http://dnscurve.org/crypto.html,
> 	which is always brought up, but never seems to solve the problems
> 	mentioned.

dnscurve looks like a swell idea, but I wouldn't put it in the category of 
a hack as straightforward as the ones I listed.  Also, at this point there 
appears to be neither code nor an implementable spec available since Dan 
is still fiddling with it.

Regards,
John Levine, johnl at iecc.com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor
"More Wiener schnitzel, please", said Tom, revealingly.




More information about the NANOG mailing list