On Mon, 11 May 2015 17:45:47 -0700, Kevin Chadwick <[email protected]>
wrote:
I wonder what is best more likely and easier to accomplish or gain
traction.
SMTPS or DNSSEC
DNSSEC causes problems but people seem to be wanting it enough to
implement it anyway, though many providers still including I believe
Google cloud dns do not. I am still in two minds about it.
I also have reservations about DNSSec, the primary one being that several
security minded people whose opinions I respect have already declared it
dead.
Below are some 'DNSSec is dead' sides of the argument
AppSec is Eating Security - Opening Keynote - AppSec California 2015 -
Alex Stamos
https://www.youtube.com/watch?v=-1kZMn1RueI#t=2432
DNSSec portion begins at 40:35
Slide 31 of 51
http://www.slideshare.net/astamos/appsec-is-eating-security
DNSSEC is dead. Several reasons why...
* Complexity
* Not end-to-end. How much do you trust your DNS provider?
* Invisible to user applications
Dan Bernstein: Authenticating The Whole Internet on Vimeo
http://vimeo.com/18417770
Dan Kaminsky's response - http://dankaminsky.com/2011/01/05/djb-ccc/
*** Personally I'm a fan of DNSChain over DNSSEC - https://okturtles.com/
***
--
You received this mail because you are subscribed to [email protected]
To unsubscribe, send a mail to: [email protected]
