Subject: Re: [LINK] Calling time on DNSSEC?
From: invalid (at) *nospam* invalid.invalid (Richard Kettlewell)
Newsgroups: comp.misc
Date: 27. Nov 2024, 09:40:16
Other headers
Organization: terraraq NNTP server
Message-ID: <wwva5dlul1r.fsf@LkoBDZeT.terraraq.uk>
References: 1 2
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)

Grant Taylor <gtaylor@tnetconsulting.net> writes:
> On 11/26/24 16:44, Computer Nerd Kev wrote:
>> How have we got to this point?" ...
>
> Too many people stop once they achieve what they think is the minimum
> viable product. Basic insecure DNS is that MVP when it comes to name
> resolution.
> People move on to other MVP tasks that demand their attention and
> never get back around to DNSSEC.
>
> I've been using DNSSEC for 10-15 years with effectively minimal
> problems.

I use it too, a bit.

It’s not enough. It can secure the name-to-address mapping but does
nothing for the security of any data sent or received. You need TLS (or
SSH, or whatever) as well, and those already deal with naming. So it’s
natural to ask why someone would bother with DNSSEC as well, and hardly
surprising that mostly the answer is that people don’t.

-- 
https://www.greenend.org.uk/rjk/