On 08/03/2010 04:59 PM, W.C.A. Wijngaards wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Kevin,
On 08/03/2010 03:23 PM, Kevin Chadwick wrote:
Is it possible to add dnscurve support to the todo list?
It is currently at the IETF and if that standardization (and fix)
process is done, then we can consider adding it. Of course we also want
a lean-and-mean validator for unbound, so no unnecessary features. The
IETF process can take some time and make changes to the spec, therefore
the decision is better made at a later date.
The root was just signed with DNSSEC, a week or so ago, so I updated the
Howto DNSSEC on the unbound website for that earlier today. RFC5011
tracking of the root anchor is much easier than tracking every
topleveldomain with cron.
How about TSIG ? I think it can be used (if an stub-resolver like ldns
implements it) to secure 'the last mile'.
__
Did you also see this idea by Dan Kaminsky ? I thought it was pretty smart.
It takes part of the idea from dnscurve and combines it with DNSSEC to
get faster/more DNSSEC deployment:
http://recursion.com/chain.pdf
Best regards,
Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkxYLu8ACgkQkDLqNwOhpPiX4gCgoj92t/iJr1lBIwN7W1I1wQvL
jHYAnRQUyVJdV+c3/ETsAVl0iH2RA9NQ
=NYMP
-----END PGP SIGNATURE-----
_______________________________________________
Unbound-users mailing list
[email protected]
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
_______________________________________________
Unbound-users mailing list
[email protected]
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
