[Pdns-users] PowerDNS & DNSSEC!
Duane at e164 dot org
duane at e164.org
Wed Jul 15 17:08:33 UTC 2009
Stephane Bortzmeyer wrote:
> On Wed, Jul 15, 2009 at 02:59:58AM +1000,
> Duane at e164 dot org <duane at e164.org> wrote
> a message of 62 lines which said:
>
>> On the other hand do you know of any "exciting" development with DNScurve?
>
> What's the relationship? DNSSEC secures the data, DNScurve the channel
> (like TLS, IPsec, TSIG, etc). So, DNScurve is not a replacement for
> DNSSEC, for instance, it does not protect against a rogue resolver (or
> secondary name server).
DNSSEC doesn't provide privacy, DNScurve is supposed to provide both
verifiection and privacy, but since there is no implementation there has
been little discussion on it which is unfortunate.
Just like there is a lot of reasons for privacy of web sessions the
powers that be don't want to offer users the same privacy for their DNS
requests.
Reasons for not wanting to offer privacy included acknowledging that
various governments would oppose it and DNSSEC specifically has no
potential for privacy in the specs.
That said since DNSSEC does involves crypto for signing, the same tech
could in theory be used for privacy, and that annoys/scares what ever
govt agencies and one potential reason why any sort of DNS crypto has
taken this long to get to this point.
--
Best regards,
Duane
http://www.freeauth.org - Enterprise Two Factor Authentication
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://e164.org - Global Communication for the 21st Century
"In the long run the pessimist may be proved right,
but the optimist has a better time on the trip."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20090716/070ee897/attachment-0001.sig>
More information about the Pdns-users
mailing list