
Re: Strategy: DNS server in main for potato?



    BIND (Berkeley Internet Name Domain) server is the thing that gives
    you answers to DNS name lookups.  It's mostly covered by the BSD
    license.  With the introduction of DNSSEC (secure DNS) it needs
    encryption, and is using RSA, which makes the latest BIND patent
    encumbered in the US.

I am guessing that DNSSEC is a standard specification, perhaps an
Internet RFC.  Is that so?

If so, the first question is, does DNSSEC provide for some other kind
of encryption as an alternative?

If yes, then we have a number of alternatives:

1. Make a version of BIND with some other encryption algorithm, and
encourage people to use it instead of the "official" version of BIND.

The people who do this can offer to cooperate with the "official"
version.  The longer the cooperation continues, the better.

2. Make a free version of BIND, with a free implementation of RSA,
available outside the US.

3. Use DENTS (I am guessing that DENTS is a usable alternative to BIND).


    Having said that, this thread has been picked up by one of the
    upstream authors, and the possibility of a compile time option to
    leave RSA out looks like it might be forthcoming, so perhaps this is
    mostly just a misunderstanding.

Even if the BIND developers intend to cooperate fully with the free
software community, we still have the problem of how to support
DNSSEC, preferably without RSA.

