[dns-operations] OpenDNS adopts DNSCurve

Adam Stasiniewicz adam at adamstas.com
Wed Feb 24 18:20:44 UTC 2010

Reading over the documentation on dnscurve.org I have one question.  I am
a bit confused on how each server is supposed to determine the other's
public key.  The reason I ask is because I am wondering how
man-in-the-middle attacks are mitigated/prevented (or if they're not).  As
everyone is aware, if/when DNSSEC's trust anchor system is properly
implemented (and the TLDs and below start signing data), this would
effectively kill man-in-the-middle attacks.  So basically, I am just
wondering how DNSCurve accomplishes protection against similar attacks.

Adam Stasiniewicz

-----Original Message-----
From: dns-operations-bounces at lists.dns-oarc.net
[mailto:dns-operations-bounces at lists.dns-oarc.net] On Behalf Of Matthew
Sent: Tuesday, February 23, 2010 5:31 PM
To: Jacco Tunnissen
Cc: dns-operations at mail.dns-oarc.net
Subject: Re: [dns-operations] OpenDNS adopts DNSCurve

On Tue, Feb 23, 2010 at 3:06 PM, Jacco Tunnissen <jacco at glasvezel.net>
> Maybe Matthew is on the dns-ops list to clarify things. IIRC, his plan
> to document it for implementers.

I replied to Ed privately off list, but I suppose other readers may be
interested as well.

I have code for a standalone DNSCurve forwarder and a patch for
djbdns's dnscache to add DNSCurve recursive support. Both are
functional but still somewhat prototypish. I'm going to work on
polishing them this week, and knowing what code people would find most
useful/interesting would be helpful in prioritizing that work.

I'm also happy to answer any questions regarding implementing DNSCurve.