Re: Stub DNSSec Resolution, Or Use DNSScurve

Tony Finch <dot@dotat.at> Thu, 25 February 2010 14:11 UTC

Date: Thu, 25 Feb 2010 14:14:01 +0000
From: Tony Finch <dot@dotat.at>
X-X-Sender: fanf2@hermes-2.csi.cam.ac.uk
To: Sabahattin Gucukoglu <mail@sabahattin-gucukoglu.com>
Subject: Re: Stub DNSSec Resolution, Or Use DNSScurve
In-Reply-To: <65BC48D4-4704-4C55-BFCA-D2972B418040@sabahattin-gucukoglu.com>
Message-ID: <alpine.LSU.2.00.1002251410580.16971@hermes-2.csi.cam.ac.uk>
References: <65BC48D4-4704-4C55-BFCA-D2972B418040@sabahattin-gucukoglu.com>
User-Agent: Alpine 2.00 (LSU 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Sender: Tony Finch <fanf2@hermes.cam.ac.uk>
Cc: ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Feb 2010 14:11:52 -0000

On Thu, 25 Feb 2010, Sabahattin Gucukoglu wrote:

> I'm thinking that maybe there's something in having DNSCurve be used for
> one leg of the journey, between customer and cache.

That won't work because DNSCurve gets its key from the server name, but
recursive servers are configured by IP address not by name.

> And why aren't stub resolvers being encouraged to do their own DNSSec
> validation?

It's very slow if you don't have a cache.

The stub / recursive link can be secured using TSIG or SIG(0) but this
hasn't yet been turned from principle to practice.

Tony.
-- 
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/
GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY SHOWERS.
MODERATE OR GOOD.
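An added illustration of the point made above about where DNSCurve's key lives. This is example code written for this page, not code from the message's author or from the DNSCurve project. It follows the DNSCurve server-name format (a first label of "uz5" followed by 51 little-endian base-32 digits from the alphabet 0123456789bcdfghjklmnpqrstuvwxyz, encoding a 255-bit Curve25519 public key); the key bytes, names and resolver addresses used are constructed for the demonstration. The point it shows: a key can be recovered from a DNSCurve-style NS name, but a stub resolver that only knows its cache by IP address has no name to pull a key from.

```python
"""Where a DNSCurve key lives: in the nameserver's first DNS label.

Server name format (DNSCurve): "uz5" + 51 base-32 digits = 255-bit public key.
A stub resolver configured with a bare IP (resolv.conf, DHCP) has no label,
so there is nothing to derive a key from.  Example code; key values constructed.
"""
import ipaddress
import re
from typing import Optional

# DNSCurve base-32 alphabet: digits, then letters with the vowels removed.
B32_ALPHABET = "0123456789bcdfghjklmnpqrstuvwxyz"
B32_VALUE = {c: i for i, c in enumerate(B32_ALPHABET)}
KEY_BYTES = 32     # Curve25519 public key length
KEY_DIGITS = 51    # 51 * 5 = 255 bits; the key's top bit must be clear

# First label: literal "uz5" then exactly 51 alphabet digits (case folded).
_LABEL_RE = re.compile(r"uz5([0-9b-df-hj-np-z]{51})")


def b32_encode(key: bytes) -> str:
    """Little-endian base-32: the first digit carries the lowest 5 bits."""
    if len(key) != KEY_BYTES:
        raise ValueError("Curve25519 public key must be 32 bytes")
    value = int.from_bytes(key, "little")
    digits = []
    for _ in range(KEY_DIGITS):
        digits.append(B32_ALPHABET[value & 31])
        value >>= 5
    if value:  # a 256th bit is set: not a valid DNSCurve key
        raise ValueError("key must fit in 255 bits (top bit clear)")
    return "".join(digits)


def b32_decode(digits: str) -> bytes:
    """Inverse of b32_encode; assumes the digits were already validated."""
    value = 0
    for ch in reversed(digits):
        value = (value << 5) | B32_VALUE[ch]
    return value.to_bytes(KEY_BYTES, "little")


def dnscurve_key_from_name(server_name: str) -> Optional[bytes]:
    """Return the public key embedded in a DNSCurve server name, or None
    when the name carries no key (an ordinary NS name, or an empty string)."""
    if not server_name:
        return None
    first_label = server_name.strip(".").lower().split(".")[0]
    match = _LABEL_RE.fullmatch(first_label)
    if match is None:
        return None
    return b32_decode(match.group(1))


def key_for_configured_resolver(resolver: str) -> Optional[bytes]:
    """What a stub can learn about its cache from its configuration.

    Stubs are handed an IP address, not a name.  An IP parses fine but has
    no label to hold a key, so the answer is None; only a name can carry one.
    """
    try:
        ipaddress.ip_address(resolver)
        return None  # configured by address: no key material available
    except ValueError:
        return dnscurve_key_from_name(resolver)


if __name__ == "__main__":
    demo_key = bytes(range(32))  # constructed key; top byte 0x1f keeps bit 255 clear
    name = "uz5" + b32_encode(demo_key) + ".ns.example."
    print(name)
    print(dnscurve_key_from_name(name) == demo_key)          # True
    print(key_for_configured_resolver("192.0.2.53") is None)  # True: IP, no key
    print(dnscurve_key_from_name("ns1.example.") is None)     # True: plain NS name
```

The round trip through `b32_encode` and `dnscurve_key_from_name` is what an authoritative server's delegation makes possible; the `None` from `key_for_configured_resolver("192.0.2.53")` is the gap the message points at, which is why the stub-to-cache leg is instead a candidate for TSIG or SIG(0).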