Hi everybody, I've seen the discussion on the list, and I've had more questions off-list about DNSSEC, DNSCurve and the quality and desirability of these protocols. In the message below, I want to share some of my thoughts on this, and then I kindly request everyone to have this discussion elsewhere. I'll explain.
Briefly - PowerDNS is not and has never been a 'political' project. While I have personally and for most of a decade have worked hard at pointing out the problems of DNSSEC on the various IETF lists, PowerDNS ultimately needs to serve the needs of its users, both individuals, organizations and corporations. For better or worse, implementing DNSSEC has become 'mandatory' in many circles. Not having it on the roadmap has become a liability. It is also a risk for the individuals that have advocated PowerDNS within their organizations - they might be accused of having backed the wrong horse. PowerDNS is technology, and not a political action front. And because of that, and because the DNSSEC efforts are gathering pace, we have to make sure that PowerDNS users will not be left out. I'll be posting more thoughts on http://blog.netherlabs.nl shortly, but I kindly request people not turn this mailinglist into yet another discussion about the merits of DNSSEC. Thanks! PS: http://www.powerdnssec.org has been updated to reflect new features of the experimental DNSSEC code. Spread the word! On Wed, Jul 15, 2009 at 7:27 PM, Leen Besselink<[email protected]> wrote: > On Thu, Jul 16, 2009 at 03:08:33AM +1000, Duane at e164 dot org wrote: >> Stephane Bortzmeyer wrote: > > Hi Duane and Stephane, > >> > On Wed, Jul 15, 2009 at 02:59:58AM +1000, >> > Duane at e164 dot org <[email protected]> wrote >> > a message of 62 lines which said: >> > >> >> On the other hand do you know of any "exciting" development with DNScurve? >> > >> > What's the relationship? DNSSEC secures the data, DNScurve the channel >> > (like TLS, IPsec, TSIG, etc). So, DNScurve is not a replacement for >> > DNSSEC, for instance, it does not protect against a rogue resolver (or >> > secondary name server). >> >> DNSSEC doesn't provide privacy, DNScurve is supposed to provide both >> verifiection and privacy, but since there is no implementation there has >> been little discussion on it which is unfortunate. >> >> Just like there is a lot of reasons for privacy of web sessions the >> powers that be don't want to offer users the same privacy for their DNS >> requests. _______________________________________________ Pdns-users mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-users
