Re: DNS over SCTP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Paul Wouters wrote:
On Fri, 29 May 2009, Alessandro Vesely wrote:

It's what the patch has reinforced. SCTP is more secure than the patched bind, yet easier than DNSSEC.

where easier means "update all the root and TLD servers and load balancers
and what not to support DNS over SCTP. While DNSSEC is supported *right now* on that infrastructure. I would not call that "easier" at all.

There are a few acceptations of "easier" that characterize DNS over SCTP vs DNSSEC:

* it can be retrofitted, i.e. less software changes,
* it needs no signatures, i.e. no upgrades of original data,
* it uses no cryptography, i.e. more performance, and no PKI.

At any rate, using one solution does not preclude the other one, and two are better than one.
_______________________________________________

Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]