ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: DNS over SCTP

2009-05-30 06:00:56
from [Alessandro Vesely] [Permanent Link] 
Paul Wouters wrote:

On Fri, 29 May 2009, Alessandro Vesely wrote:
It's what the patch has reinforced. SCTP is more secure than the patched bind, yet easier than DNSSEC. 

where easier means "update all the root and TLD servers and load balancers
and what not to support DNS over SCTP. While DNSSEC is supported *right now* on that infrastructure. I would not call that "easier" at all.
There are a few acceptations of "easier" that characterize DNS over SCTP vs DNSSEC: 

* it can be retrofitted, i.e. less software changes,
* it needs no signatures, i.e. no upgrades of original data,
* it uses no cryptography, i.e. more performance, and no PKI.
At any rate, using one solution does not preclude the other one, and two are better than one. 
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  DNSSEC is NOT secure end to end, Masataka Ohta
Next by Date:  Re: Differing topics (was: IAOC Meeting location selection), John C Klensin
Previous by Thread:  Re: DNS over SCTP, Paul Wouters
Next by Thread:  Re: DNS over SCTP, David Conrad
Indexes:  [Date] [Thread] [Top] [All Lists]