BLU Discuss list archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Discuss] free SSL certs from the EFF
- Subject: [Discuss] free SSL certs from the EFF
- From: richard.pieri at gmail.com (Richard Pieri)
- Date: Tue, 25 Nov 2014 10:15:51 -0500
- In-reply-to: <BN3PR0401MB1204CDD16766109B0CD095ECDC730@BN3PR0401MB1204.namprd04.prod.outlook.com>
- References: <546C4823.6060900@gmail.com> <BN3PR0401MB1204BAB10AE6249C54E4E81BDC760@BN3PR0401MB1204.namprd04.prod.outlook.com> <54737E7C.5040506@mattgillen.net> <BN3PR0401MB1204CDD16766109B0CD095ECDC730@BN3PR0401MB1204.namprd04.prod.outlook.com>
On 11/25/2014 6:28 AM, Edward Ned Harvey (blu) wrote: > Based on my understanding of DNSSEC, it doesn't add security except > in esoteric edge cases. DNSSEC exists to solve one problem: cache poisoning. It does so by digitally signing entire zones. That's not security; it's authenticity. If you're expecting security from DNSSEC then your expectations have already been shattered. As an aside, I don't consider cache poisoning to be an edge case. DNSCurve authenticates and encrypts DNS traffic using strong, fast crypto. So far, OpenDNS is the only major adopter. -- Rich P.
- Follow-Ups:
- [Discuss] free SSL certs from the EFF
- From: invalid at pizzashack.org (Derek Martin)
- [Discuss] free SSL certs from the EFF
- References:
- [Discuss] free SSL certs from the EFF
- From: tmetro+blu at gmail.com (Tom Metro)
- [Discuss] free SSL certs from the EFF
- From: blu at nedharvey.com (Edward Ned Harvey (blu))
- [Discuss] free SSL certs from the EFF
- From: me at mattgillen.net (Matthew Gillen)
- [Discuss] free SSL certs from the EFF
- From: blu at nedharvey.com (Edward Ned Harvey (blu))
- [Discuss] free SSL certs from the EFF
- Prev by Date: [Discuss] Advanced file permisions
- Next by Date: [Discuss] Advanced file permisions
- Previous by thread: [Discuss] free SSL certs from the EFF
- Next by thread: [Discuss] free SSL certs from the EFF
- Index(es):