ietf
[Top] [All Lists]

Re: OpenDNS today announced it has adopted DNSCurve to secure DNS

2010-02-24 12:37:40
At 6:04 PM +0000 2/24/10, Tony Finch wrote:
On Wed, 24 Feb 2010, Phillip Hallam-Baker wrote:

I took a look at DNSCurve. Some points:

* It could certainly win.

It has a LOT of catching up to do. DNScurve has no publicly available
implementations. DNSSEC will be deployed in the most important zones by
the end of this year.

DNSCurve also assumes that authoritative name servers are willing to do orders 
of magnitude more calculations per second, all the time, than DNSSEC requires 
of them. That is, cryptographic calculations are needed for every response. 
Placing that burden on the DNS may or may not be acceptable to current 
operators. It may or may not also lead to less stability.

* It considers real world requirements that DNSSEC does not.

DNScurve ignores algorithm agility and patent problems.

How does it ignore patent problems? ECDSA and DNSCurve have the same patent 
exposure.

--Paul Hoffman, Director
--VPN Consortium
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf