OpenDNS today announced it has adopted DNSCurve to secure DNS

Danny Mayer mayer at gis.net
Mon Apr 12 04:09:35 UTC 2010


Kevin Oberman wrote:
>> Date: Mon, 08 Mar 2010 10:03:26 -0800
>> From: Michael Sinatra <michael at rancid.berkeley.edu>
>> Sender: bind-users-bounces+oberman=es.net at lists.isc.org
>>
>> On 3/7/10 10:46 AM, Danny Mayer wrote:
>>
>>> Autokey is not a cryptographic signature protocol. It *is* an
>>> authentication protocol for the server only and there are a number of
>>> exchanges that need to be done to complete the authentication of the
>>> server. You cannot compare this with DNSSEC and nothing in NTP is encrypted.
>> Correct, the comparison was only to point out that Autokey, like DNSSEC, 
>> doesn't encrypt payload because it doesn't need to.
> 
> More specifically, I don't WANT to encrypt the data for either DNS or
> NTP. In both cases I want the data to always be signed clear-text and
> that is what DNSSEC does.

I'll put it stronger than that. DNSSEC authenticates the server's
*response* and does it in one packet, while Autokey authenticates the
*server* itself and takes a number of packet exchanges before the
client will consider the server authenticated; after that it can rely
on the authenticated packets.

Danny

