Florian Weimer wrote:

>>As DNSCurve protection is like DH, it is subject to MitM attacks,
>>which is no different from simple nonce.

> I think the expectation is that you learn the server names (and hence
> their keys) of child zones from parents, under DNSCurve's
> cryptographic protection. This is slightly different from plain DH.

No, it is not expected that gtld servers will become
"???????????????????????????????????????????????????.gtld-servers.net",
only to cause message size overflow.

Masataka Ohta

_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf