[Discuss] free SSL certs from the EFF
Richard Pieri
richard.pieri at gmail.com
Tue Nov 25 10:15:51 EST 2014
On 11/25/2014 6:28 AM, Edward Ned Harvey (blu) wrote:
> Based on my understanding of DNSSEC, it doesn't add security except
> in esoteric edge cases.
DNSSEC exists to solve one problem: cache poisoning. It does so by
digitally signing entire zones. That's not security; it's authenticity.
If you're expecting security from DNSSEC then your expectations have
already been shattered. As an aside, I don't consider cache poisoning to
be an edge case.
DNSCurve authenticates and encrypts DNS traffic using strong, fast
crypto. So far, OpenDNS is the only major adopter.
--
Rich P.
More information about the Discuss
mailing list