Comparison of DNSSEC and DNSCurve
This page was a comparison between DNSSEC and DNSCurve.
Most of the information on this page has now been split into separate pages
discussing various attacks in much more detail,
and discussing the impact of DNSSEC and DNSCurve upon those attacks.
The following issues are not yet covered on separate pages:
Neither DNSSEC nor DNSCurve protects DNS data
against an attacker controlling parent computers.
DNSSEC, unlike DNSCurve, does protect DNS data
against an attacker controlling the administrator's DNS servers,
if the administrator generates keys and signatures on a separate computer
that has not been compromised.
DNSSEC, unlike DNSCurve, requires parents to extend their
web interface, database, registrar-registry protocol, etc.
Partial deployment of DNSCurve provides much more protection
than partial deployment of DNSSEC.
This is version 2009.06.24 of the dnssec.html web page.