At 6:04 PM +0000 2/24/10, Tony Finch wrote: >On Wed, 24 Feb 2010, Phillip Hallam-Baker wrote: > >> I took a look at DNSCurve. Some points: >> >> * It could certainly win. > >It has a LOT of catching up to do. DNScurve has no publicly available >implementations. DNSSEC will be deployed in the most important zones by >the end of this year. DNSCurve also assumes that authoritative name servers are willing to do orders of magnitude more calculations per second, all the time, than DNSSEC requires of them. That is, cryptographic calculations are needed for every response. Placing that burden on the DNS may or may not be acceptable to current operators. It may or may not also lead to less stability. > > * It considers real world requirements that DNSSEC does not. > >DNScurve ignores algorithm agility and patent problems. How does it ignore patent problems? ECDSA and DNSCurve have the same patent exposure. --Paul Hoffman, Director --VPN Consortium _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf