Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month, online, via Jitsi Meet.

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] free SSL certs from the EFF



On 11/25/2014 6:28 AM, Edward Ned Harvey (blu) wrote:
> Based on my understanding of DNSSEC, it doesn't add security except
> in esoteric edge cases.

DNSSEC exists to solve one problem: cache poisoning. It does so by 
digitally signing entire zones. That's not security; it's authenticity. 
If you're expecting security from DNSSEC then your expectations have 
already been shattered. As an aside, I don't consider cache poisoning to 
be an edge case.

DNSCurve authenticates and encrypts DNS traffic using strong, fast 
crypto. So far, OpenDNS is the only major adopter.

-- 
Rich P.



BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org