ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: DNSCurve vs. DNSSEC - FIGHT! (was OpenDNS today announced it has adopted DNSCurve to secure DNS)

2010-02-24 20:10:17
from [Masataka Ohta] [Permanent Link] 
Nikos Mavrogiannopoulos wrote:


Not really. I Don't know what you mean by simple nonce, but as I
understand dnscurve if implemented properly would have ssh-style
authentication.


Ssh without secure public key distribution mechanism is not really
secure cryptographically.

In general, public key cryptography is scure only if public key
distribution is secure.

For example, DNSSEC is not really secure because key distribution
through trusted third parties is not really trustable.


Only the first request of the server key is vulnerable
with mitm.


So, we agree that DNSCurve is valunerable to MitM attacks.


Then it should be cached.


As it is cached, a successful attack on the first request, which
is easy if you can snoop packets, is more than enough.

It invalidate all the legitimate replies and validate all the
forged replies.

If you can't snoop packets, long message ID is just secure.

                                                Masataka Ohta

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: >1 Day One Day Passes, David Morris
Next by Date:  Re: OpenDNS today announced it has adopted DNSCurve to secure DNS, Joe Baptista
Previous by Thread:  Re: DNSCurve vs. DNSSEC - FIGHT! (was OpenDNS today announced it has adopted DNSCurve to secure DNS), Nikos Mavrogiannopoulos
Next by Thread:  Re: DNSCurve vs. DNSSEC - FIGHT! (was OpenDNS today announced it has adopted DNSCurve to secure DNS), Nikos Mavrogiannopoulos
Indexes:  [Date] [Thread] [Top] [All Lists]