
Re: [Asrg] DNS over SCTP

2009-05-29 06:10:12
Paul Wouters wrote:
On Thu, 28 May 2009, Alessandro Vesely wrote:
The limitations in TCP or SCTP security stem from

transport security is pretty meaningless in the DNS world which operates using a distributed caching system.

One has to trust each cache! Given that it is pretty easy to predict a subset of the queries a given server will issue in a given time frame, using SCTP can improve reliability better than adding another 32-bit random number.

This is why dnscurve is just an academic experiment that can never leave the lab for the real world.

IMHO, avoiding basing the Internet on an encumbered algorithm is another good reason :-/

Asrg mailing list