Paul Wouters wrote:
On Fri, 29 May 2009, Alessandro Vesely wrote:
It's what the patch has reinforced. SCTP is more secure than the
patched bind, yet easier than DNSSEC.
where easier means "update all the root and TLD servers and load balancers
and what not to support DNS over SCTP. While DNSSEC is supported *right
now* on that infrastructure. I would not call that "easier" at all.
There are a few acceptations of "easier" that characterize DNS over
SCTP vs DNSSEC:
* it can be retrofitted, i.e. less software changes,
* it needs no signatures, i.e. no upgrades of original data,
* it uses no cryptography, i.e. more performance, and no PKI.
At any rate, using one solution does not preclude the other one, and
two are better than one.
_______________________________________________
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf