DNSCurve: an alternative to DNSSEC
Posted Jul 9, 2009 8:15 UTC (Thu) by Tobu
Parent article: DNSCurve: an alternative to DNSSEC
A few criticisms of DNSCurve from Stéphane Bortzmeyer's blog:
- The encryption algorithm is hard-coded in the protocol. Not many algorithms are suitable due to limits on record length.
- DNSCurve secures the conduit, not the message. It can't be used to protect against malicious caches, and isn't a functionnal equivalent to DNSSEC.
to post comments)