> > By the end of May, all the root servers should be running DNSSEC > > > > http://royal.pingdom.com/2010/01/19/the-internet-is-about-to-get-a-lot-safer/ > > > > Is Plan9 ready for such a move? > > Reading what D. J. Bernstein has to say about DNSSEC is always fun. > See e.g. this paper http://cr.yp.to/talks/2009.08.10/slides.pdf about > abusing DNSSEC to launch denial of service attacks. He has also > proposed an alternative to DNSSEC, http://dnscurve.org/.
this isn't a technical discussion. regardless of the merits, they're not implementing dnscurve on the root servers. they're implementing dnssec. so if you're interested in securing dns, say to prevent ssl mitm attacks, i only see three choices 1. hold your nose. do dnssec. 2. put your head in the sand. 3. convince the world to use dnscurve. - erik
