OpenDNS today announced it has adopted DNSCurve to secure DNS
Kevin Oberman
oberman at es.net
Mon Mar 8 18:29:46 UTC 2010
> Date: Mon, 08 Mar 2010 10:03:26 -0800
> From: Michael Sinatra <michael at rancid.berkeley.edu>
> Sender: bind-users-bounces+oberman=es.net at lists.isc.org
>
> On 3/7/10 10:46 AM, Danny Mayer wrote:
>
> > Autokey is not a cryptographic signature protocol. It *is* a
> > authentication protocol for the server only and there are a number of
> > exchanges that need to be done to complete the authentication of the
> > server. You cannot compare this with DNSSEC and nothing in NTP is encrypted.
>
> Correct, the comparison was only to point out that Autokey, like DNSSEC,
> doesn't encrypt payload because it doesn't need to.
More specifically, I don't WANT to encrypt the data for either DNS or
NTP. In both cases I want the data to always be signed clear-text and
that is what DNSSEC does.
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman at es.net Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
More information about the bind-users
mailing list