ietf
[Top] [All Lists]

Re: DNSCurve vs. DNSSEC - FIGHT! (was OpenDNS today announced it has adopted DNSCurve to secure DNS)

2010-03-01 15:22:30
On Mon, Mar 1, 2010 at 2:13 PM, Masataka Ohta <
mohta(_at_)necom830(_dot_)hpcl(_dot_)titech(_dot_)ac(_dot_)jp> wrote:

Phillip Hallam-Baker wrote:

Moving to DNSSEC, regardless of the technical model does not eliminate
the need for certificates or CAs. The purpose of EV certificates is to
re-establish the principle of accountability.

I don't know what EV means, but anything human, including CA, is not
infallible, which is why PKI is insecure.


=> Can you please explain in few lines what would be your preference(s) for
a solution to enable
DNSsec?
I apologize if you have already submitted a proposal about it which I must
have missed... in which case,
I would appreciate a pointer.


Regards,

Wassim H.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf