This talk will explain DNSCurve, a new project to add cryptographic protection to DNS. DNSCurve is much stronger than DNSSEC, much more robust, much less damaging to the Internet, much easier to implement, and much easier to use.

The critical design decision in DNSCurve is exactly the decision that DNSSEC rejected on the grounds of performance. Can busy sites keep up with the load? Advances in high-speed high-security elliptic-curve cryptography mean that the answer is yes. A single day of computation on a Core 2 Quad CPU is enough to cryptographically protect 50 billion packets exchanged with 500 million clients, more than the load on all of the Internet\'s top-level .com servers put together.

Daniel J. Bernstein is a Research Professor in the Department of Computer Science at the University of Illinois at Chicago. He is the author of two of the Internet\'s most popular server software packages, djbdns and qmail, and the lead developer of a new easy-to-use public-domain software library for high-speed cryptography. Prof. Bernstein\'s current mission is to cryptographically protect every Internet packet.