Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] free SSL certs from the EFF

On 11/25/2014 6:28 AM, Edward Ned Harvey (blu) wrote:
> Based on my understanding of DNSSEC, it doesn't add security except
> in esoteric edge cases.

DNSSEC exists to solve one problem: cache poisoning. It does so by 
digitally signing entire zones. That's not security; it's authenticity. 
If you're expecting security from DNSSEC then your expectations have 
already been shattered. As an aside, I don't consider cache poisoning to 
be an edge case.

DNSCurve authenticates and encrypts DNS traffic using strong, fast 
crypto. So far, OpenDNS is the only major adopter.

Rich P.

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /