Re: [DNSOP] I think we may have a solution - DNSCurve

2008-09-03 Thread Stephane Bortzmeyer
On Wed, Sep 03, 2008 at 11:33:54AM +1000, Mark Andrews [EMAIL PROTECTED] wrote a message of 24 lines which said: A NXDOMAIN response if cyptographically proved with DNSSEC. There are two possibilities: 1) I understand nothing to DNSSEC (this is quite possible, giving my experience

Re: [DNSOP] I think we may have a solution - DNSCurve

2008-09-03 Thread Roy Arends
On Sep 3, 2008, at 8:13 AM, Stephane Bortzmeyer wrote: On Wed, Sep 03, 2008 at 11:33:54AM +1000, Mark Andrews [EMAIL PROTECTED] wrote a message of 24 lines which said: A NXDOMAIN response if cyptographically proved with DNSSEC. 2) You are playing with words. The domain example.org

Re: [DNSOP] I think we may have a solution - DNSCurve

2008-09-02 Thread Stephane Bortzmeyer
On Mon, Sep 01, 2008 at 04:49:12PM -0400, Paul Wouters [EMAIL PROTECTED] wrote a message of 18 lines which said: many issues there which are not addressed [...] authenticated denial of existence, Although I agree with your criticism that there is no published *specification* of DNScurve

Re: [DNSOP] I think we may have a solution - DNSCurve

2008-09-02 Thread Mark Andrews
On Mon, Sep 01, 2008 at 04:49:12PM -0400, Paul Wouters [EMAIL PROTECTED] wrote a message of 18 lines which said: many issues there which are not addressed [...] authenticated denial of existence, Although I agree with your criticism that there is no published *specification* of

Re: [DNSOP] I think we may have a solution - DNSCurve

2008-09-01 Thread bert hubert
On Mon, Sep 01, 2008 at 04:49:12PM -0400, Paul Wouters wrote: On Sun, 31 Aug 2008, David Conrad wrote: 5. I suspect having encryption will make getting export licenses more complicated. 6. Ellipctic Curve is patent encumbered Perhaps http://cr.yp.to/ecdh/patents.html can shed some

Re: [DNSOP] I think we may have a solution - DNSCurve

2008-08-31 Thread Ondřej Surý
2008/8/31 Joe Baptista [EMAIL PROTECTED]: http://dnscurve.org/ comments? I already made comments on namedroppers, so I will summarize it here: 1. no trust anchors in design, signatures seems to be loosely connected. Djb added page for TLD operators today, where he proposes signing .com

Re: [DNSOP] I think we may have a solution - DNSCurve

2008-08-31 Thread David Conrad
1. no trust anchors in design, signatures seems to be loosely connected. 2. In it's ideal state it would change DNS to DNS over DNS-TXT. 3. Requirements on aDNS server computation power is raised. 4. I am not sure if labels like [...] make things more simpler. 5. I suspect having

Re: [DNSOP] I think we may have a solution - DNSCurve

2008-08-31 Thread bert hubert
On Sun, Aug 31, 2008 at 01:21:31PM -0700, David Conrad wrote: are easier now then they were when I had a couple of lawyers look at it for DNSSEC (which doesn't have encryption)) and it may or may not Technically, this may be true - but I got into trouble over an AES-based random generator,