[Discuss] free SSL certs from the EFF
Derek Martin
invalid at pizzashack.org
Thu Dec 4 11:36:45 EST 2014
On Thu, Dec 04, 2014 at 11:01:49AM -0500, Richard Pieri wrote:
> On 12/4/2014 10:35 AM, Derek Atkins wrote:
> >If I'm sitting in a hotel room behind a broken middleware box then I
> >know, for sure, that the middleware is breaking me; I can turn off
> >validation at that point
>
> So, DNSSEC validation is something that needs to be turned off in
> order to use DNS in the kinds of environments where DNSSEC
> validation would be most desirable.
Come on man, this statement is very obviously false. It only needs to
be turned off in very specific, very limited circumstances, namely
when you MUST do whatever you're doing RIGHT NOW, AND you can't find a
reasonable alternative, like doing your work from a starbucks (or
other hotspot or whatever) across the street, AND the consequences of
not doing it RIGHT NOW are worse than the risk of getting hacked...
..which is like, never.
--
Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address. Replying to it will result in
undeliverable mail due to spam prevention. Sorry for the inconvenience.
More information about the Discuss
mailing list