There are better solutions to the DNS security escapades that are simple and involve no economic cost to the users at large. DNSSEC is not the answer. DNSSEC is the nightmare. The solution lies with DNSCurve - http://bit.ly/cjmH2n
The Internet already is a security nightmare - why contribute to it with DNSSEC? Fix the UDP problem once and for all with DNSCurve. Or something like it.
DNSSEC is old technology; 1024 is a juvenile encryption standard. DNSSEC does not solve the UDP problem. DNSCurve will.
And I remind IETF members that Dr. Bernstein was the first to address the UDP port problem. DNSCurve will take the DNS to the next step. Ensure the machine you contacted is the machine you want to speak to.
At least members do something. Because the DNSSEC joke must end. We need solutions to address the problem that don't end up being a make-work project.
cheers
joe baptista
On Thu, Feb 18, 2010 at 3:08 PM, Masataka Ohta <mohta@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
David Conrad wrote:
> I'm not sure why you are pretending that useful security is binary.
I'm afraid you are saying "DNSSEC or die", while I'm saying
"reasonable security is good enough". Which, do you think,
is binary?
_______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf