
Re: DNSCurve vs. DNSSEC - FIGHT!

2010-02-25 08:23:42
* Masataka Ohta:

> Mark Andrews wrote:
>
> http://tools.ietf.org/html/draft-dempsky-dnscurve-00
>
> As I read the draft, it seems to me that DNSCurve without Curve
> (that is, with 96 bit nonce of DNSCurve as an extended message
> ID without elliptic curve cryptography) is secure enough.
>
> Except from players that can see the query.
>
> That's not a new cryptographical problem.
>
> As DNSCurve protection is like DH, it is subject to MitM attacks,
> which is no different from simple nonce.

I think the expectation is that you learn the server names (and hence
their keys) of child zones from parents, under DNSCurve's
cryptographic protection.  This is slightly different from plain DH.

-- 
Florian Weimer                <fweimer(_at_)bfk(_dot_)de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
