On Wed, Sep 03, 2008 at 08:58:38PM -0500, Jon A. Solworth wrote a message of 63 lines which said:

> I went to DJB's talk at UIC on DNSCurve, and think it's a very
> interesting proposal---and was a bit disappointed that it wasn't
> explored more on namedroppers.


There are several reasons:

1) djb did not take the trouble to publish anything looking like a
specification (even with a very broad definition of "specification").

2) djb is well known for some good ideas and a complete lack of human
interface. He gets the attention he deserves.

> I just recently subscribed, so please forgive me for not replying to
> the earlier thread.


I forgive but stealing a thread is unforgivable:


> 2. Cryptographic scheme: DNSCurve protects the communication links
> from attackers rather than the DNS records from modification. The
> advantage is that the relatively expensive operations involving the
> public/private key occur only once between each pair of hosts.


And the disadvantage is that a non-DNSCurve cache in the middle
completely stops DNSCurve (while DNSSEC still works).

> 3. Security: DNSCurve achieves much stronger cryptographic security than
> does 1024-bit RSA.


As mentioned here, DNSSEC could use elliptic curves:


