On 05/10/2014 04:30 AM, David P. Reed wrote: > Reading a lot of this stuff suggests at most that DNSSEC is being overhyped > and poorly implemented. > > As a reason to abandon work on deploying DNSSEC so that it's easier to > instantiate man in the middle attacks I find it unconvincing. > > Is there an alternative?
For protecting just the DNS client <-> DNS server communication there is http://dnscurve.org/index.html It doesn't seem to provide a way for a domain owner to cryptographically sign the records though. Best regards, --Edwin _______________________________________________ Cerowrt-devel mailing list [email protected] https://lists.bufferbloat.net/listinfo/cerowrt-devel
