DNS hardening, was Re: Dan Kaminsky
John R. Levine
johnl at iecc.com
Wed Aug 5 19:07:30 UTC 2009
>> 5 is 'edns ping', but it was effectively blocked because people
>> thought DNSSEC would be easier to do, or demanded that EDNS PING
>> (http://edns-ping.org) would offer everything that DNSSEC offered.
>
> I'm surprised you failed to mention http://dnscurve.org/crypto.html,
> which is always brought up, but never seems to solve the problems
> mentioned.

dnscurve looks like a swell idea, but I wouldn't put it in the category of
a hack as straightforward as the ones I listed. Also, at this point there
appears to be neither code nor an implementable spec available since Dan
is still fiddling with it.

Regards,
John Levine, johnl at iecc.com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor
"More Wiener schnitzel, please", said Tom, revealingly.
More information about the NANOG mailing list