[Cialug] SOT: DNSSEC and what it means to the average joe
Zachary Kotlarek
zach at kotlarek.com
Thu Jan 28 21:15:37 CST 2010
On Jan 28, 2010, at 7:44 PM, Jeffrey Ollie wrote:
> Don't just leave it up to the providers, as DNSSEC will prevent
> providers from returning bogus DNS entries to redirect you to
> AD-ridden "support" pages. We need to insist that providers support
> DNSSEC.
Given how long and hard the road to DNS changes is, it would be nice if instead of DNSSEC we could insist that providers support something that actually provides transaction privacy, protection against replay attacks, doesn't require exposing your complete list of DNS entries. and uses encryption strong enough that it won't be useless in a decade (signatures are RSA-1024).
Given the choice between DNSSEC and nothing I guess I'll take DNSSEC -- it does provide some useful protections -- but to me it looks more like an excuse to ignore the fundamental problems in DNS for another 20 years than a real solution.
Zach
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2746 bytes
Desc: not available
Url : http://cialug.org/pipermail/cialug/attachments/20100128/e865e556/attachment-0001.bin
More information about the Cialug
mailing list