I couldn't help smile about the 'government controlled PKI' part, as I do have a slide in my decks titled 'why DNSSEC is not a PKI' I don't have one about the government part though.
(I know that what is or isn't a PKI can be debatable, but it made me smile nevertheless) My main critique would be that, yes, many times it's true that if X is 'done properly', then Y is not necessary. Well, we've learnt over the years that security is better done in layers, you might not have control over 'doing X properly' at all, or there might not be enough indications that X has been subverted if Y is not also secured. I'm not going into the 'government controlled' part :-) Carlos On 1/15/15 11:46 PM, David Conrad wrote: > Perhaps of interest: > > http://sockpuppet.org/blog/2015/01/15/against-dnssec/ > > Regards, > -drc >
