nanog mailing list archives
Re: DNS hardening, was Re: Dan Kaminsky
From: "Steven M. Bellovin" <smb () cs columbia edu>
Date: Wed, 5 Aug 2009 17:58:55 -0400
On Wed, 5 Aug 2009 15:07:30 -0400 (EDT) "John R. Levine" <johnl () iecc com> wrote:
5 is 'edns ping', but it was effectively blocked because people thought DNSSEC would be easier to do, or demanded that EDNS PING (http://edns-ping.org) would offer everything that DNSSEC offered.I'm surprised you failed to mention http://dnscurve.org/crypto.html, which is always brought up, but never seems to solve the problems mentioned.dnscurve looks like a swell idea, but I wouldn't put it in the category of a hack as straightforward as the ones I listed. Also, at this point there appears to be neither code nor an implementable spec available since Dan is still fiddling with it.
As I understand it, dnscurve protects transmissions, not objects. That's not the way DNS operates today, what with N levels of cache. It may or may not be better, but it's a much bigger delta to today's systems and practices than DNSSEC is. --Steve Bellovin, http://www.cs.columbia.edu/~smb
Current thread:
- Re: Dan Kaminsky, (continued)
- Re: Dan Kaminsky Jorge Amodio (Aug 07)
- QR-Codes... was: Re: Dan Kaminsky Dragos Ruiu (Aug 07)
- Re: Dan Kaminsky Jorge Amodio (Aug 07)
- Re: Dan Kaminsky Nick Hilliard (Aug 05)
- Re: Dan Kaminsky Paul Vixie (Aug 04)
- Re: Dan Kaminsky bert hubert (Aug 04)
- DNS hardening, was Re: Dan Kaminsky John Levine (Aug 05)
- Re: DNS hardening, was Re: Dan Kaminsky bert hubert (Aug 05)
- Re: DNS hardening, was Re: Dan Kaminsky Phil Regnauld (Aug 05)
- Re: DNS hardening, was Re: Dan Kaminsky John R. Levine (Aug 05)
- Re: DNS hardening, was Re: Dan Kaminsky Steven M. Bellovin (Aug 05)
- Re: dnscurve and DNS hardening, was Re: Dan Kaminsky John R. Levine (Aug 05)
- Re: dnscurve and DNS hardening, was Re: Dan Kaminsky Mark Andrews (Aug 05)
- Re: dnscurve and DNS hardening, was Re: Dan Kaminsky Naveen Nathan (Aug 05)
- RE: dnscurve and DNS hardening, was Re: Dan Kaminsky Skywing (Aug 05)
- Re: dnscurve and DNS hardening, was Re: Dan Kaminsky Ben Scott (Aug 05)
- Re: dnscurve and DNS hardening, was Re: Dan Kaminsky Naveen Nathan (Aug 05)
- Re: dnscurve and DNS hardening, was Re: Dan Kaminsky Florian Weimer (Aug 06)
- Re: dnscurve and DNS hardening, was Re: Dan Kaminsky Alexander Harrowell (Aug 06)
- Re: dnscurve and DNS hardening, was Re: Dan Kaminsky Ben Scott (Aug 07)
- Re: dnscurve and DNS hardening, was Re: Dan Kaminsky Tony Finch (Aug 06)