* Masataka Ohta:

> Mark Andrews wrote:
>
>>>>http://tools.ietf.org/html/draft-dempsky-dnscurve-00
>>>
>>>As I read the draft, it seems to me that DNSCurve without Curve
>>>(that is, with 96 bit nonce of DNSCurve as an extended message
>>>ID without elliptic curve cryptography) is secure enough.
>
>> Except from players that can see the query.
>
> That's not a new cryptographical problem.
>
> As DNSCurve protection is like DH, it is subject to MitM attacks,
> which is no different from simple nonce.

I think the expectation is that you learn the server names (and hence
their keys) of child zones from parents, under DNSCurve's
cryptographic protection. This is slightly different from plain DH.

--
Florian Weimer <fweimer@xxxxxx>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99