Alessandro,
On May 29, 2009, at 12:09 AM, Alessandro Vesely wrote:
One has to trust each cache!
With DNSSEC, you don't have to trust the cache since the only thing
the miscreants who compromise the cache can do is the functional
equivalent of removing the entry from the cache.
Given that it is pretty easy to predict a subset of the queries a
given server will issue in a give time frame, using SCTP can improve
reliability better than adding another 32bit random number.
1) It isn't easy
2) That's not what DNSSEC does (if that's what you're implying).
This is why dnscurve is just an academic experiment that can never
leave the lab for the real world.
IMHO, avoiding to base the Internet on an encumbered algorithm is
another good reason :-/
Huh? What are you talking about?
Regards,
-drc
_______________________________________________
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf