Over at the Internet Systems Consortium blog, Paul Vixie has offered this post, Whither DNSCurve? to answer the question he frequently gets: “what is DNSCurve and what’s ISC’s position on it given our long involvement in DNSSEC?” He concludes with this summation:
I want provably correct DNS content to be universally available. Not just for me but for the entire population of the Internet. I want to stamp out all forms of DNS intermediation whether by recursive nameserver operators or nation-states or hackers. Because DNSSEC can do this, ISC has invested a lot of time and money over the last dozen years helping to develop DNSSEC. Because DNSCurve does not do this, and because the problems DNSCurve actually does solve are pretty well solved by UDP source port randomization and will be entirely eradicated by DNSSEC, ISC is not investing in DNSCurve at all.
Recent Comments