Re: DNSCurve vs. DNSSEC - FIGHT! (was OpenDNS today announced it has adopted DNSCurve to secure DNS)
jnc@mercury.lcs.mit.edu (Noel Chiappa) Fri, 26 February 2010 00:48 UTC
Return-Path: <jnc@mercury.lcs.mit.edu>
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2163F28C284 for <ietf@core3.amsl.com>; Thu, 25 Feb 2010 16:48:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.481
X-Spam-Level:
X-Spam-Status: No, score=-6.481 tagged_above=-999 required=5 tests=[AWL=0.118, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xbZoW-ruiJGu for <ietf@core3.amsl.com>; Thu, 25 Feb 2010 16:48:36 -0800 (PST)
Received: from mercury.lcs.mit.edu (mercury.lcs.mit.edu [18.26.0.122]) by core3.amsl.com (Postfix) with ESMTP id 72CC828C25C for <ietf@ietf.org>; Thu, 25 Feb 2010 16:48:36 -0800 (PST)
Received: by mercury.lcs.mit.edu (Postfix, from userid 11178) id 2D4F86BE5CD; Thu, 25 Feb 2010 19:50:48 -0500 (EST)
To: ietf@ietf.org
Subject: Re: DNSCurve vs. DNSSEC - FIGHT! (was OpenDNS today announced it has adopted DNSCurve to secure DNS)
Message-Id: <20100226005048.2D4F86BE5CD@mercury.lcs.mit.edu>
Date: Thu, 25 Feb 2010 19:50:48 -0500
From: jnc@mercury.lcs.mit.edu
Cc: jnc@mercury.lcs.mit.edu
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Feb 2010 00:48:37 -0000
> From: Shumon Huque <shuque@isc.upenn.edu> > Any of them, whether by malice or by being tricked, can issue a > certificate for any of your services. Our security is basically as good > as the the CA with the laxest policies & worst security. Sounds like a poor attribute for a security architeture... Noel
- Re: DNSCurve vs. DNSSEC - FIGHT! (was OpenDNS tod… Noel Chiappa