[116533] in North American Network Operators' Group
Re: dnscurve and DNS hardening, was Re: Dan Kaminsky
daemon@ATHENA.MIT.EDU (Douglas Otis)
Thu Aug 6 11:08:27 2009
Date: Thu, 06 Aug 2009 08:07:16 -0700
From: Douglas Otis <dotis@mail-abuse.org>
To: Naveen Nathan <naveen@calpop.com>
In-Reply-To: <20090806020524.GK30683@armakuni.lastninja.net>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 8/5/09 7:05 PM, Naveen Nathan wrote:
> On Wed, Aug 05, 2009 at 09:17:01PM -0400, John R. Levine wrote:
>> ...
>>
>> It seems to me that the situation is no worse than DNSSEC, since in both
>> cases the software at each hop needs to be aware of the security stuff, or
>> you fall back to plain unsigned DNS.
>
> I might misunderstand how dnscurve works, but it appears that dnscurve
> is far easier to deploy and get running. The issue is merely coverage.
There might be issues related to intellectual property use. :^(
-Doug
