You're definitely on track, although I was referring to D.J. Bernstein's recent slides: http://cr.yp.to/talks/2012.06.04/slides.pdf
In these, he does bring up the same problems again that his DNSCURVE purported to solve, about weak algorithms, signing (or lack of), forgeries, and UDP amplification. It might just be who I follow, but I've seen a lot of discussion around this lately on Twitter by Jacob Appelbaum and other privacy/crypto types. Perhaps 'mired in controversy' was an overstatement, but it definitely appears that spec has problems.

RK

On Fri, Aug 24, 2012 at 6:17 AM, Kevin Chadwick <ma1l1i...@yahoo.co.uk> wrote:
>> However,
>> this would require DNSSEC to be secure (which itself seems to be mired
>> in controversy lately, not to mention the slow rate of adoption)
>
> Do you have a reference for that? I know of the controversy around
> DNSCURVE before DNSSEC even arrived but haven't seen any of late. Is it
> to do with the restriction of key length by DNS record size and use of
> RSA rather than ECDSA which offers more security to key length ratio or
> something else?
>
>
> --
> _______________________________________________________________________
>
> 'Write programs that do one thing and do it well. Write programs to work
> together. Write programs to handle text streams, because that is a
> universal interface'
>
> (Doug McIlroy)
> _______________________________________________________________________