* Masataka Ohta:
Florian Weimer wrote:
As DNSCurve protection is like DH, it is subject to MitM attacks,
which is no different from simple nonce.
I think the expectation is that you learn the server names (and hence
their keys) of child zones from parents, under DNSCurve's
cryptographic protection. This is slightly different from plain DH.
No, it is not expected that gtld servers will become
"???????????????????????????????????????????????????.gtld-servers.net",
only to cause message size overflow.
Wouldn't compression kick in if they shared keys (assuming that
DNSCurve doesn't sift the key from only the first label), making the
overhead negligible?
--
Florian Weimer <fweimer(_at_)bfk(_dot_)de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf