BLU Discuss list archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Discuss] free SSL certs from the EFF
- Subject: [Discuss] free SSL certs from the EFF
- From: richard.pieri at gmail.com (Richard Pieri)
- Date: Wed, 03 Dec 2014 11:20:37 -0500
- In-reply-to: <sjmy4qobui6.fsf@securerf.ihtfp.org>
- References: <546C4823.6060900@gmail.com> <BN3PR0401MB1204BAB10AE6249C54E4E81BDC760@BN3PR0401MB1204.namprd04.prod.outlook.com> <54737E7C.5040506@mattgillen.net> <BN3PR0401MB1204CDD16766109B0CD095ECDC730@BN3PR0401MB1204.namprd04.prod.outlook.com> <sjm8uirdxem.fsf@securerf.ihtfp.org> <BN3PR0401MB1204B299B351DFF7F2E85FBDDC7D0@BN3PR0401MB1204.namprd04.prod.outlook.com> <sjmlhmqcb1j.fsf@securerf.ihtfp.org> <BN3PR0401MB120492A5BDE4D3CEE0AECDD3DC7A0@BN3PR0401MB1204.namprd04.prod.outlook.com> <sjm8uiqc7sw.fsf@securerf.ihtfp.org> <547E0FB3.3070005@gmail.com> <sjmy4qobui6.fsf@securerf.ihtfp.org>
On 12/3/2014 10:52 AM, Derek Atkins wrote: > Actually, it was designed to protect against that. I sat in the > IETF meetings where that was explicitly discussed. If an intermediary > strips the DNSSEC records out then a resolver expecting DNSSEC will > force a validation error. Which results in a denial of service for clients if DNSSEC is enforced. That's not protecting users; that's dumping them into black holes. > Well, it sort of does, but it's not easy. But this is why they use > ZSKs. The Root Zone KSK is mightily protected. So, too, allegedly, were the keys at DigiNotar. -- Rich P.
- Follow-Ups:
- [Discuss] free SSL certs from the EFF
- From: warlord at MIT.EDU (Derek Atkins)
- [Discuss] free SSL certs from the EFF
- From: me at mattgillen.net (Matthew Gillen)
- [Discuss] free SSL certs from the EFF
- References:
- [Discuss] free SSL certs from the EFF
- From: warlord at MIT.EDU (Derek Atkins)
- [Discuss] free SSL certs from the EFF
- From: blu at nedharvey.com (Edward Ned Harvey (blu))
- [Discuss] free SSL certs from the EFF
- From: warlord at MIT.EDU (Derek Atkins)
- [Discuss] free SSL certs from the EFF
- From: blu at nedharvey.com (Edward Ned Harvey (blu))
- [Discuss] free SSL certs from the EFF
- From: warlord at MIT.EDU (Derek Atkins)
- [Discuss] free SSL certs from the EFF
- From: richard.pieri at gmail.com (Richard Pieri)
- [Discuss] free SSL certs from the EFF
- From: warlord at MIT.EDU (Derek Atkins)
- [Discuss] free SSL certs from the EFF
- Prev by Date: [Discuss] free SSL certs from the EFF
- Next by Date: [Discuss] Python module for Windows services that runs on Linux
- Previous by thread: [Discuss] free SSL certs from the EFF
- Next by thread: [Discuss] free SSL certs from the EFF
- Index(es):
