NNSquad - Network Neutrality Squad
[ NNSquad ] Re: FW: [ga] the future .. DNS National Security and the ICANN clowns
On Apr 12, 2010, at 9:28 PM, ssc wrote:

> I readily agree something needs done, but I'm waiting to read more on DNSCurve. (As time permits) I'll watch this discussion with great interest.
> Like one rotten certificate, how bad is a single event corruption in Curve? or am I thinking a wrong analogy?

Some quick reading seems to indicate that both DNSCurve and DNSSEC use public/private keys. However, it appears DNSSEC uses a chain system, so higher-level entities need to sign lower-level keys.. ie, the root signs .org, .org signs nnsquad.org, etc.. The problem I see with this is still cost. I'm sure this won't be free.. And, of course, we still have problems with breaking a single key, poisoning the whole chain.

DNSCurve seems to do this differently, but I don't completely understand how.. Something about both the sender and receiver using key pairs and validating each other as proper authorities for data.. More reading/learning is necessary, though, as I don't completely understand how this works yet.. However, it doesn't appear that this can result in a single break poisoning an entire chain..

---------------------------
Jason 'XenoPhage' Frisvold
xenophage0@gmail.com
---------------------------
"Any sufficiently advanced magic is indistinguishable from technology."
- Niven's Inverse of Clarke's Third Law