On Thu, 25 Feb 2010, Sabahattin Gucukoglu wrote:
I'm thinking that maybe there's something in having DNSCurve be used for
one leg of the journey, between customer and cache.
That won't work because DNScurve gets its key from the server name, but
recursive servers are configured by IP address not by name.
And why aren't stub resolvers being encouraged to do their own DNSSec
validation?
It's very slow if you don't have a cache.
The stub / recursive link can be secured using TSIG or SIG(0) but this
hasn't yet been turned from principle to practice.
Tony.
--
f.anthony.n.finch <dot(_at_)dotat(_dot_)at> http://dotat.at/
GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY SHOWERS.
MODERATE OR GOOD.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf