[dns-operations] OpenDNS adopts DNSCurve

Paul Vixie vixie at isc.org
Wed Feb 24 21:57:40 UTC 2010


> Date: Wed, 24 Feb 2010 13:39:38 -0800
> From: "Crist Clark" <Crist.Clark at globalstar.com>
> 
> ... There is no point in pretending that DNSCurve is in anyway a
> substitute or competitor to DNSSEC.

+1.

> DNSCurve, to me, seems roughly equivalent to a client doing IPsec AH on
> 53/udp and 53/tcp with the server.

i'd go further.  to me dnscurve is roughly equivilent to udp source port
randomization, also invented by djb, and which is perfectly adequate to the
task of providing "channel authenticity."

dnssec by comparison solves a problem i still have: "data authenticity."



More information about the dns-operations mailing list