
Re: Internet Architecture Document

2014-10-14 17:55:41
Phillip Hallam-Baker wrote:

> Well first that document was written in 1996. A lot has changed since.

Wrong. W.r.t. the end to end architecture, nothing has changed.

> I don't think that is the case that nobody has complained. And right
> now we are having a long discussion in DPRIVE over whether DNSCurve is
> the answer or not

It is not.

> Oh and one of the reasons DNSCurve does not fit the architecture is
> precisely because it attempts to remove recursive resolvers from the
> DNS architecture making it an end-to-end protocol!

That you insist that something is end to end means that you
think nothing has changed.

Moreover, DNS can not be end to end, because domain structure
is not consistent with network topology.

According to the end to end argument:

        The function in question can completely and correctly be
        implemented only with the knowledge and help of the
        application standing at the end points of the
        communication system.

that communicating end systems must depend on intermediate
name servers governing domains of the end systems and that
the end systems can not "help" the name servers by providing
their "knowledge" means that DNS is not end to end, which has
nothing to do with security mechanisms nor recursive resolvers.

                                        Masataka Ohta
