On Thu, 25 Feb 2010, Sabahattin Gucukoglu wrote: > I'm thinking that maybe there's something in having DNSCurve be used for > one leg of the journey, between customer and cache. That won't work because DNScurve gets its key from the server name, but recursive servers are configured by IP address not by name. > And why aren't stub resolvers being encouraged to do their own DNSSec > validation? It's very slow if you don't have a cache. The stub / recursive link can be secured using TSIG or SIG(0) but this hasn't yet been turned from principle to practice. Tony. -- f.anthony.n.finch <dot@xxxxxxxx> http://dotat.at/ GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY SHOWERS. MODERATE OR GOOD. _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf