nanog mailing list archives
Re: dnscurve and DNS hardening, was Re: Dan Kaminsky
From: Naveen Nathan <naveen () calpop com>
Date: Wed, 5 Aug 2009 19:05:24 -0700
On Wed, Aug 05, 2009 at 09:17:01PM -0400, John R. Levine wrote:
... It seems to me that the situation is no worse than DNSSEC, since in both cases the software at each hop needs to be aware of the security stuff, or you fall back to plain unsigned DNS.
I might misunderstand how dnscurve works, but it appears that dnscurve is far easier to deploy and get running. The issue is merely coverage. How much of DNS do you want to protect. This is analagous to SMTP security, the more MTAs that support TLS the proportional increase of security in the system as a whole. Dnscurve appears to be another form of opportunistic encryption, the more servers that employ dnscurve means an accretion in security of DNS as a whole.
Current thread:
- Re: Dan Kaminsky, (continued)
- Re: Dan Kaminsky Nick Hilliard (Aug 05)
- Re: Dan Kaminsky Paul Vixie (Aug 04)
- Re: Dan Kaminsky bert hubert (Aug 04)
- DNS hardening, was Re: Dan Kaminsky John Levine (Aug 05)
- Re: DNS hardening, was Re: Dan Kaminsky bert hubert (Aug 05)
- Re: DNS hardening, was Re: Dan Kaminsky Phil Regnauld (Aug 05)
- Re: DNS hardening, was Re: Dan Kaminsky John R. Levine (Aug 05)
- Re: DNS hardening, was Re: Dan Kaminsky Steven M. Bellovin (Aug 05)
- Re: dnscurve and DNS hardening, was Re: Dan Kaminsky John R. Levine (Aug 05)
- Re: dnscurve and DNS hardening, was Re: Dan Kaminsky Mark Andrews (Aug 05)
- Re: dnscurve and DNS hardening, was Re: Dan Kaminsky Naveen Nathan (Aug 05)
- RE: dnscurve and DNS hardening, was Re: Dan Kaminsky Skywing (Aug 05)
- Re: dnscurve and DNS hardening, was Re: Dan Kaminsky Ben Scott (Aug 05)
- Re: dnscurve and DNS hardening, was Re: Dan Kaminsky Naveen Nathan (Aug 05)
- Re: dnscurve and DNS hardening, was Re: Dan Kaminsky Florian Weimer (Aug 06)
- Re: dnscurve and DNS hardening, was Re: Dan Kaminsky Alexander Harrowell (Aug 06)
- Re: dnscurve and DNS hardening, was Re: Dan Kaminsky Ben Scott (Aug 07)
- Re: dnscurve and DNS hardening, was Re: Dan Kaminsky Tony Finch (Aug 06)
- Re: dnscurve and DNS hardening, was Re: Dan Kaminsky Douglas Otis (Aug 06)
- Re: DNS hardening, was Re: Dan Kaminsky John R. Levine (Aug 05)
- Re: DNS hardening, was Re: Dan Kaminsky Douglas Otis (Aug 05)