[116481] in North American Network Operators' Group


Re: DNS hardening, was Re: Dan Kaminsky

daemon@ATHENA.MIT.EDU (John R. Levine)
Wed Aug 5 15:08:20 2009

Date: Wed, 5 Aug 2009 15:07:30 -0400 (EDT)
From: "John R. Levine" <johnl@iecc.com>
To: Phil Regnauld <regnauld@catpipe.net>
In-Reply-To: <20090805180608.GA81225@bluepipe.dk>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

>> 5 is 'edns ping', but it was effectively blocked because people
>> thought DNSSEC would be easier to do, or demanded that EDNS PING
>> (http://edns-ping.org) would offer everything that DNSSEC offered.
>
> 	I'm surprised you failed to mention http://dnscurve.org/crypto.html,
> 	which is always brought up, but never seems to solve the problems
> 	mentioned.

dnscurve looks like a swell idea, but I wouldn't put it in the category of 
a hack as straightforward as the ones I listed.  Also, at this point there 
appears to be neither code nor an implementable spec available since Dan 
is still fiddling with it.

Regards,
John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor
"More Wiener schnitzel, please", said Tom, revealingly.

