At 6:04 PM +0000 2/24/10, Tony Finch wrote:
On Wed, 24 Feb 2010, Phillip Hallam-Baker wrote:
I took a look at DNSCurve. Some points:
* It could certainly win.
It has a LOT of catching up to do. DNScurve has no publicly available
implementations. DNSSEC will be deployed in the most important zones by
the end of this year.
DNSCurve also assumes that authoritative name servers are willing to do orders
of magnitude more calculations per second, all the time, than DNSSEC requires
of them. That is, cryptographic calculations are needed for every response.
Placing that burden on the DNS may or may not be acceptable to current
operators. It may or may not also lead to less stability.
* It considers real world requirements that DNSSEC does not.
DNScurve ignores algorithm agility and patent problems.
How does it ignore patent problems? ECDSA and DNSCurve have the same patent
exposure.
--Paul Hoffman, Director
--VPN Consortium
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf