Re: DNS over SCTP

From: Alessandro Vesely <vesely at tana.it>
To: Paul Wouters <paul at xelerance.com>
Cc: ietf at ietf.org
Date: Sat, 30 May 2009 12:00:32 +0200
In-reply-to: <alpine.LFD.1.10.0905291529360.28241 at newtla.xelerance.com>
References: <4A1A45BA.5030704 at swin.edu.au> <3be421270905250718y5d62f6d5odb6f2bebecf418d0 at mail.gmail.com> <6684E747-55CB-4BB3-B838-9F4FE906AFE7 at mail-abuse.org> <200905251603.MAA16221 at Sparkle.Rodents-Montreal.ORG> <CCE0A3E1-4BCB-460C-AEA0-6548BB4AE8FE at mail-abuse.org> <4A1D64C9.5060505 at tana.it> <47BC2197-472E-4615-97D2-F7E42B8F3B7D at mail-abuse.org> <4A1E8BD3.8000103 at tana.it> <20090528131509.GA13521 at nic.fr> <4A1E9CBF.4010703 at tana.it> <20090528142325.GA22943 at nic.fr> <4A1EB214.6090507 at tana.it> <alpine.LFD.1.10.0905281236450.2926 at newtla.xelerance.com> <4A1FB46A.4090805 at tana.it> <5D178396-5140-40DB-BAD9-CACF708F7740 at virtualized.org> <4A20230C.5070001 at tana.it> <alpine.LFD.1.10.0905291529360.28241 at newtla.xelerance.com>

Paul Wouters wrote:

On Fri, 29 May 2009, Alessandro Vesely wrote:
It's what the patch has reinforced. SCTP is more secure than thepatched bind, yet easier than DNSSEC.
where easier means "update all the root and TLD servers and load balancers
and what not to support DNS over SCTP. While DNSSEC is supported *rightnow* on that infrastructure. I would not call that "easier" at all.

There are a few acceptations of "easier" that characterize DNS overSCTP vs DNSSEC:


* it can be retrofitted, i.e. less software changes,
* it needs no signatures, i.e. no upgrades of original data,
* it uses no cryptography, i.e. more performance, and no PKI.

At any rate, using one solution does not preclude the other one, andtwo are better than one.

References:
- DNS over SCTP (was: Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: a Critical Review
  - From: Alessandro Vesely
- Re: DNS over SCTP (was: Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: a Critical Review
  - From: Stephane Bortzmeyer
- Re: DNS over SCTP
  - From: Alessandro Vesely
- Re: DNS over SCTP
  - From: Stephane Bortzmeyer
- Re: DNS over SCTP
  - From: Alessandro Vesely
- Re: DNS over SCTP
  - From: Paul Wouters
- Re: DNS over SCTP
  - From: Alessandro Vesely
- Re: DNS over SCTP
  - From: David Conrad
- Re: DNS over SCTP
  - From: Alessandro Vesely
- Re: DNS over SCTP
  - From: Paul Wouters

Prev by Date: Fwd: [Unicode Announcement] New Public Review Issue #147: Proposed Deprecation of U+0673 ARABIC LETTER ALEF WITH WAVY HAMZA BELOW
Next by Date: Re: Differing topics (was: IAOC Meeting location selection)
Previous by thread: Re: DNS over SCTP
Next by thread: Re: DNS over SCTP
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: DNS over SCTP

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.