On Tue, Nov 25, 2014 at 10:15:51AM -0500, Richard Pieri wrote: > On 11/25/2014 6:28 AM, Edward Ned Harvey (blu) wrote: > >Based on my understanding of DNSSEC, it doesn't add security except > >in esoteric edge cases. > > DNSSEC exists to solve one problem: cache poisoning. It does so by > digitally signing entire zones. That's not security; it's > authenticity.
Authentication is one aspect of security (it is famously one of the three A's of security, the other two being authorization and auditability), so sure, yes, it is security. It is not COMPLETE security... but complete security is a fairy tale. -- Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail due to spam prevention. Sorry for the inconvenience.
_______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
