DNSCurve vs DNSSEC
Posted
by Bill Gray
on Server Fault
See other posts from Server Fault
or by Bill Gray
Published on 2009-07-14T22:58:01Z
Indexed on
2010/03/26
22:43 UTC
Read the original article
Hit count: 670
Can someone informed, please give a lengthy reply about the differences and advantages/disadvantages of both approaches?
I am not a DNS expert, not a programmer. I have a decent basic understanding of DNS, and enough knowledge to understand how things like the kaminsky bug work. From what I understand, DNSCurve has stronger encryption, is far simpler to setup, and an altogether better solution.
DNSSEC is needlessly complicated and uses breakable encryption, however it provides end to end security, something DNSCurve does not. However, many of the articles I have read have seemed to indicate that end to end security is of little use or makes no difference.
So which is true? Which is the better solution, or what are the disadvantages/advantages of each?
edit:
I would appreciate if someone could explain what is gained by encrypting the message contents, when the goal is authentication rather than confidentiality.
The proof that keys are 1024bit RSA keys is here.
© Server Fault or respective owner