[116476] in North American Network Operators' Group
Re: DNS hardening, was Re: Dan Kaminsky
daemon@ATHENA.MIT.EDU (Phil Regnauld)
Wed Aug 5 14:07:01 2009
Date: Wed, 5 Aug 2009 20:06:08 +0200
From: Phil Regnauld <regnauld@catpipe.net>
To: bert hubert <bert.hubert@netherlabs.nl>
In-Reply-To: <3efd34cc0908051012q74fadfdej620cd0dcb20c1ea8@mail.gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
bert hubert (bert.hubert) writes:
>
> 5 is 'edns ping', but it was effectively blocked because people
> thought DNSSEC would be easier to do, or demanded that EDNS PING
> (http://edns-ping.org) would offer everything that DNSSEC offered.
I'm surprised you failed to mention http://dnscurve.org/crypto.html,
which is always brought up, but never seems to solve the problems
mentioned.
