In message
<874c02a20905312100g120b83c7ufbfc13b2849a4aa8(_at_)mail(_dot_)gmail(_dot_)com>,
Joe Baptista writes:
I disagree. DNSCurve has nothing to do with trust. It simply ensure the
system you are connected to is in fact the system that gives you the
answer. DNSCurve addresses the UDP issues without the need for a root or
any other third party enjoying any degree of trust.
If you believe that I have a bridge to sell you.
Totally different from DNSSEC.
regards
joe baptista
You can disagree all you want but it doesn't change the
fact that DNSSEC and DNSCurve both have chains of trusts.
The proponents of DNSCurve even say this.
Note the chain of trust as described on
http://www.dnscurve.org/tld.html/.
The root DNS servers can also be protected with DNSCurve. Once a
cache knows DNSCurve server names for the root servers, its packets
to and from those servers are protected, so it securely learns the
DNSCurve server names for .com and other top-level domains, so its
packets to and from the .com servers are protected, so it securely
learns the DNSCurve server names for nytimes.com, etc.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka(_at_)isc(_dot_)org
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf