In message <874c02a20905312100g120b83c7ufbfc13b2849a4aa8@xxxxxxxxxxxxxx>, Joe Baptista writes: > > I disagree. DNSCurve has nothing to do with trust. It simply ensure the > system you are connected to is in fact the system that gives you the > answer. DNSCurve addresses the UDP issues without the need for a root or > any other third party enjoying any degree of trust. If you believe that I have a bridge to sell you. > Totally different from DNSSEC. > > regards > joe baptista You can disagree all you want but it doesn't change the fact that DNSSEC and DNSCurve both have chains of trusts. The proponents of DNSCurve even say this. Note the chain of trust as described on http://www.dnscurve.org/tld.html/. The root DNS servers can also be protected with DNSCurve. Once a cache knows DNSCurve server names for the root servers, its packets to and from those servers are protected, so it securely learns the DNSCurve server names for .com and other top-level domains, so its packets to and from the .com servers are protected, so it securely learns the DNSCurve server names for nytimes.com, etc. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@xxxxxxx _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf