

DNSCurve: DJB's proposal for securing DNS - aaronsw
http://dnscurve.org/

======
cperciva
Basic summary: DNSSEC adds new DNS records in order to provide end-to-end
security; DNSCurve adds protocol level security instead, but does so in a far
more cryptographically sound way.

Personally I'm not happy with either solution. Getting the cryptography right
is important, but end-to-end security is also important -- the ideal outcome
here would be if a new DNSSEC2 was created which used djb's curve25519 instead
of RSA1024, but I don't think this is very likely to happen any time soon.

