Paul Wouters wrote:
On Thu, 28 May 2009, Alessandro Vesely wrote:
The limitations in TCP or SCTP security stem from
transport security is pretty meaningless in the DNS world which operates
using a distributed caching system.
One has to trust each cache! Given that it is pretty easy to predict a
subset of the queries a given server will issue in a given time frame,
using SCTP can improve reliability better than adding another 32-bit
random number.
This is why dnscurve is just an
academic experiment that can never leave the lab for the real world.
IMHO, avoiding basing the Internet on an encumbered algorithm is
another good reason :-/