Dan Kaminsky's DNS vulnerability has raised quite a bit of hell as even patched servers are still vulnerable to poisoning.
DNSSEC is now being touted as the only true solution to the problem; it would authenticate all domain names with a certificate chain, with somebody (hopefully not DHS) holding a master set of keys. The U.S. government recently mandated deployment of DNSSEC for all federal domains.
However, Dan J. Bernstein, of qmail/djbdns fame and long disgruntled at DNSSEC, released DNSCurve, which uses elliptic curve cryptography instead of RSA. He even compares the two for you.
It looks like some cryptographic approach is going to be required in the near future, and it will be interesting to see which one wins out.