by borando 4446 days ago
The system scales up by piggybacking on DNSSEC

You're missing the major point: MinimaLT will initially use X.509 (since it's already deployed). A future protocol upgrade will support, if I'm not mistaken, sayI.

DNS Security (e.g. DNSCurve, DNSCrypt, or even DNSSEC) adds a second layer of security: keys are transmitted in DNS records, and server auth is done via X.509.

This means an attacker would have to break both X.509 _and_ DNS.

I'm not sure if this is more secure; in fact, I think it's less secure than SSL

I believe the above point addresses your concern. In addition, MinimaLT's Curve25519 + Salsa20-Poly1305 is superior to any ciphersuite found in TLS.

1 comments

Okay, that was not immediately clear. Thanks! :)