Phillip Hallam-Baker wrote:

> Well first that document was written in 1996. A lot has changed since.

Wrong. W.r.t. the end to end architecture, nothing has changed.

> I don't think that is the case that nobody has complained. And right
> now we are having a long discussion in DPRIVE over whether DNSCurve is
> the answer or not

It is not.

> Oh and one of the reasons DNSCurve does not fit the architecture is
> precisely because it attempts to remove recursive resolvers from the
> DNS architecture making it an end-to-end protocol!

That you insist that something is end to end means that you think
nothing has changed.

Moreover, DNS can not be end to end, because domain structure is
not consistent with network topology.

According to the end to end argument:

    The function in question can completely and correctly be
    implemented only with the knowledge and help of the application
    standing at the end points of the communication system.

that communicating end systems must depend on intermediate name
servers governing domains of the end systems and that the end
systems can not "help" the name servers by providing their
"knowledge" means that DNS is not end to end, which has nothing
to do with security mechanisms nor recursive resolvers.

Masataka Ohta