> -----Ursprungligt meddelande----- > Från: Paul Hoffman [mailto:[email protected]] > Skickat: den 16 januari 2015 17:38 > Till: Anne-Marie Eklund-Löwinder > Kopia: <[email protected]> > Ämne: Re: [Dnssec-deployment] "Against DNSSEC" > > On Jan 15, 2015, at 11:55 PM, Anne-Marie Eklund-Löwinder <anne- > [email protected]> wrote: > > Isn't this some of the usual gibberish and misunderstandings put on a > website? > > No, for the reasons Dan gave in his initial message. Thomas Ptacek is well- > regarded in parts of the security community, and the article has been picked > up and repeated in fora that are influential with technology adopters.
I believe Dans initial message was on the dnssec-coordination list, but it is
probably the same people there as here anyway. ;-)
>
> > There are more like this on the internet.
>
> There is more like *anything* on the internet. :-)
>
> > Like there probably are sites where people claim the earth is flat. :)
>
> If you wish to dismiss the article that way, fine, but do note Ptacek has a
> reasonable record for discussing the cost/benefit tradeoffs of other security
> technologies. I often disagree with his choices where on the spectrum to
> pick, and his title on this article is clearly link-baity, but he is popular
> in many
> circles.
No, not really, but I found the ranting tone of the article to be quite
provocative.
>
> > I don't know if it is worth the effort to try to straighten it up, the
> > sender is
> probably not in the receiving mode.
>
> As Dan said in his initial message, a response would not meant for the writer,
> but for the larger community. And, as Dan said, some of the points in the
> article are valid, even if they are mixed in with hyperbole.
There are just so much information and explanations made already over the past
ten years, just point to the right source and document. I don't think it will
help much, but maybe I am just pessimistic. There will always be disbeliever
and slanderer that will never be convinced, as well as there will always be
assured instigators willing to continue to make it right.
I stick to the point that the article is at least somewhat broken. The
arguments claiming that dnssec is centralized and managed by the government
feels a bit paranoid.
The article seems to be founded on the opinion that dnssec is bad since nobody
does it right anyway, like clients not checking authenticity on zones. Well,
that is more or less like stating that pedestrian crossings is bad and
unnecessary since people cross the streets elsewhere anyway.
Key lengths, algorithms and cryptography may be discussed ad finitum, and that
is probably fine.
Anne-Marie
PGP.sig
Description: PGP signature
