On 11/25/2014 6:28 AM, Edward Ned Harvey (blu) wrote:
Based on my understanding of DNSSEC, it doesn't add security except
in esoteric edge cases.

DNSSEC exists to solve one problem: cache poisoning. It does so by digitally signing entire zones. That's not security; it's authenticity. If you're expecting security from DNSSEC then your expectations have already been shattered. As an aside, I don't consider cache poisoning to be an edge case.

DNSCurve authenticates and encrypts DNS traffic using strong, fast crypto. So far, OpenDNS is the only major adopter.

--
Rich P.
_______________________________________________
Discuss mailing list
[email protected]
http://lists.blu.org/mailman/listinfo/discuss

Reply via email to