On Tue, Nov 25, 2014 at 10:15:51AM -0500, Richard Pieri wrote:
> On 11/25/2014 6:28 AM, Edward Ned Harvey (blu) wrote:
> >Based on my understanding of DNSSEC, it doesn't add security except
> >in esoteric edge cases.
> 
> DNSSEC exists to solve one problem: cache poisoning. It does so by
> digitally signing entire zones. That's not security; it's
> authenticity. 

Authentication is one aspect of security (it is famously one of the
three A's of security, the other two being authorization and
auditability), so sure, yes, it is security.  It is not COMPLETE
security... but complete security is a fairy tale.

-- 
Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail due to spam prevention.  Sorry for the inconvenience.

_______________________________________________
Discuss mailing list
[email protected]
http://lists.blu.org/mailman/listinfo/discuss

Reply via email to