Sujet : Re: [LINK] Calling time on DNSSEC?
De : invalid (at) *nospam* invalid.invalid (Richard Kettlewell)
Groupes : comp.miscDate : 28. Nov 2024, 09:52:31
Autres entêtes
Organisation : terraraq NNTP server
Message-ID : <wwva5dj91v4.fsf@LkoBDZeT.terraraq.uk>
References : 1 2 3 4
User-Agent : Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)
Grant Taylor <
gtaylor@tnetconsulting.net> writes:
On 11/27/24 02:40, Richard Kettlewell wrote:
It’s not enough. It can secure the name-to-address mapping but does
nothing for the security of any data sent or received.
>
DNS, without security, doesn't have anything to do with security data
sent or received either.
>
Apples and lug-nuts always have been and always will be completely
different things that do completely different things.
If you’re writing that then I don’t think you understood my point.
The problem people actually have is exchanging information with websites
without anyone else being able to read or modify that data.
DNSSEC on its own obviously can’t solve that.
DNS + TLS does solve it, sufficiently well. (Using TLS to include
Internet PKI.)
DNSSEC + TLS would also solve it, but why would someone bother with
DNSSEC when DNS+TLS is good enough for their needs?
-- https://www.greenend.org.uk/rjk/
[LINK] Calling time on DNSSEC?
Re: [LINK] Calling time on DNSSEC?