dnscurve and DNS hardening, was Re: Dan Kaminsky

Douglas Otis dotis at mail-abuse.org
Thu Aug 6 10:07:16 CDT 2009


On 8/5/09 7:05 PM, Naveen Nathan wrote:
> On Wed, Aug 05, 2009 at 09:17:01PM -0400, John R. Levine wrote:
>> ...
>>
>> It seems to me that the situation is no worse than DNSSEC, since in both
>> cases the software at each hop needs to be aware of the security stuff, or
>> you fall back to plain unsigned DNS.
>
> I might misunderstand how dnscurve works, but it appears that dnscurve
> is far easier to deploy and get running. The issue is merely coverage.

There might be issues related to intellectual property use. :^(

-Doug




More information about the NANOG mailing list