ietf

Re: DNSCurve vs. DNSSEC - FIGHT! (was OpenDNS today announced it has adopted DNSCurve to secure DNS)

2010-02-24 18:19:45
On Thu, Feb 25, 2010 at 1:07 AM, Masataka Ohta
<mohta(_at_)necom830(_dot_)hpcl(_dot_)titech(_dot_)ac(_dot_)jp> wrote:
Mark Andrews wrote:

http://tools.ietf.org/html/draft-dempsky-dnscurve-00

As I read the draft, it seems to me that DNSCurve without Curve
(that is, with 96 bit nonce of DNSCurve as an extended message
ID without elliptic curve cryptography) is secure enough.

Except from players that can see the query.

That's not a new cryptographical problem.

As DNSCurve protection is like DH, it is subject to MitM attacks,
which is no different from simple nonce.

Not really. I don't know what you mean by simple nonce, but as I
understand DNSCurve, if implemented properly it would have ssh-style
authentication. Only the first request of the server key is vulnerable
to MitM. Then it should be cached.

regards,
Nikos
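
The positions argued in this thread, as an added example that is not part of any poster's message or of the DNSCurve draft: a reply check that treats the 96-bit nonce as an extended message ID, beside an ssh-style key cache as the last reply describes it. `KeyCache`, `ns.example` and both key strings are constructed for illustration, and presenting a key stands in for proving possession of it.

```python
import hashlib
import hmac
import secrets

NONCE_BYTES = 12  # 96-bit nonce, the size quoted in the thread


def nonce_only_accepts(query_nonce: bytes, reply_nonce: bytes) -> bool:
    """Nonce used purely as an extended message ID: accept if it is echoed."""
    return hmac.compare_digest(query_nonce, reply_nonce)


class KeyCache:
    """ssh-style cache (hypothetical helper): remember the first key seen per server."""

    def __init__(self):
        self._pins = {}

    def accepts(self, server: str, presented_key: bytes) -> bool:
        fp = hashlib.sha256(presented_key).digest()
        # First contact has nothing to compare against, so the key is pinned blindly.
        pinned = self._pins.setdefault(server, fp)
        return hmac.compare_digest(pinned, fp)


def run_scenarios() -> dict:
    real_key = b"constructed-real-server-key"   # constructed sample value
    evil_key = b"constructed-attacker-key"      # constructed sample value
    nonce = secrets.token_bytes(NONCE_BYTES)
    results = {}
    # Off-path sender has to guess all 96 bits of the nonce.
    results["nonce_off_path"] = nonce_only_accepts(nonce, secrets.token_bytes(NONCE_BYTES))
    # A party that can see the query simply copies the nonce into its reply.
    results["nonce_on_path"] = nonce_only_accepts(nonce, nonce)
    # Cache already holds the real key; a later substituted key is rejected.
    cache = KeyCache()
    cache.accepts("ns.example", real_key)
    results["cache_later_mitm"] = cache.accepts("ns.example", evil_key)
    # Substitution during the very first exchange pins the wrong key ...
    poisoned = KeyCache()
    results["cache_first_contact_mitm"] = poisoned.accepts("ns.example", evil_key)
    # ... and the genuine key is then the one that gets rejected.
    results["cache_real_after_poison"] = poisoned.accepts("ns.example", real_key)
    return results


if __name__ == "__main__":
    for name, accepted in run_scenarios().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The last two results are the operational caveat of any first-use cache: the initial key needs an out-of-band check, and a mismatch alert does not by itself say which side is genuine.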