[Discuss] free SSL certs from the EFF
Derek Martin
invalid at pizzashack.org
Tue Nov 25 13:40:13 EST 2014
On Tue, Nov 25, 2014 at 10:15:51AM -0500, Richard Pieri wrote:
> On 11/25/2014 6:28 AM, Edward Ned Harvey (blu) wrote:
> >Based on my understanding of DNSSEC, it doesn't add security except
> >in esoteric edge cases.
>
> DNSSEC exists to solve one problem: cache poisoning. It does so by
> digitally signing entire zones. That's not security; it's
> authenticity.
Authentication is one aspect of security (it is famously one of the
three A's of security, the other two being authorization and
auditability), so sure, yes, it is security. It is not COMPLETE
security... but complete security is a fairy tale.
--
Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address. Replying to it will result in
undeliverable mail due to spam prevention. Sorry for the inconvenience.
More information about the Discuss
mailing list