On 02/23/10 19:54, Joe Baptista wrote:
It would be nice to see it as an RFC. I agree with that. But from what I
know it will be a pretty cold day in hell before it becomes an RFC. I
humbly suggest Dr. Bernstein who is behind DNScurve thinks the IETF is
full of wackos. So it is unlikely he will ever be bothered to dance the
IETF RFC jig.
I do disagree with you that bind should only implement what is in the
RFC. Lets not forget the IETF has had 15 years to secure the DNS. The
result is the DNSSEC abortion. It has failed. This announcement today is
a stiff well deserved kick in the balls to the DNSSEC crowd.
We can not rely on the IETF for security. Commerce and simple common
sense communications are screaming for security solutions today.
DNSCurve is perfect and it works out of the box.
Folks. OpenDNS has set the DNS standard. We can start securing the DNS
with every new dnscurve upgrade to bind. Imagine how much money is being
spent on the DNSSEC make work project - time and energy wasted.
DNScurve installs - configures and runs. No need for a make work project.
agreed?
As someone who both signs his production zones and does DNSSEC
validation, I can assure you that DNSSEC works. But you've done as good
job as I can imagine in making the case for DNScurve.
michael
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
