Re: against dnssec

2015-01-18 Thread Neal Becker
Paul Wouters wrote: On Sat, 17 Jan 2015, Björn Persson wrote: Both CAs and DNSSEC can be attacked by governments in different ways. The author thinks that DNSSEC is more vulnerable. I happen to disagree, but more importantly, those who feel that they need to can secure their keys both

Re: against dnssec

2015-01-18 Thread Alexander Bokovoy
On Sat, 17 Jan 2015, Paul Wouters wrote: Furthermore, government control is a simplistic overstatement. For one, some government is in control of the TLD to begin with. They can yank your domain or serve it with arbitrary content, regardless of whether your certificate is validated by CA/PKIX or

Re: against dnssec

2015-01-18 Thread Björn Persson
Neal Becker wrote: This quote caught my attention: DNSSEC deployment guides go so far as to recommend against deployment of DNSSEC validation on end-systems. Where are those guides, who wrote them, and what are their arguments against local validation? So significant is the inclination against

Re: against dnssec

2015-01-18 Thread Paul Wouters
On Sun, 18 Jan 2015, Neal Becker wrote: The article's author has responded here: http://sockpuppet.org/stuff/dnssec-qa.html This quote caught my attention: DNSSEC deployment guides go so far as to recommend against deployment of DNSSEC validation on end-systems. So significant is the

Re: against dnssec

2015-01-17 Thread Björn Persson
Neal Becker wrote: I personally know nothing of the subject, but found this article, I wonder if there's any truth here? If so, maybe the push for dnssec on f22 isn't as wonderful as supposed: http://sockpuppet.org/blog/2015/01/15/against-dnssec/ DNSSEC is Unnecessary His argument seems

Re: against dnssec

2015-01-17 Thread Paul Wouters
On Sat, 17 Jan 2015, Björn Persson wrote: Both CAs and DNSSEC can be attacked by governments in different ways. The author thinks that DNSSEC is more vulnerable. I happen to disagree, but more importantly, those who feel that they need to can secure their keys both through DANE and with a

Re: against dnssec

2015-01-17 Thread Reindl Harald
On 18.01.2015 at 03:43, Kevin Kofler wrote: Reindl Harald wrote: in fact DNSSEC is the prerequisite for http://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities which has the potential to replace the horrible need of CA signed certificates for SSL which are in fact *completely*

Re: against dnssec

2015-01-17 Thread Kevin Kofler
Reindl Harald wrote: in fact DNSSEC is the prerequisite for http://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities which has the potential to replace the horrible need of CA signed certificates for SSL which are in fact *completely* unreliable because every random of the

Re: against dnssec

2015-01-17 Thread Paul Wouters
On Sun, 18 Jan 2015, Kevin Kofler wrote: This is becoming rather off-topic for DNS. I think the key thing to remember is that DNSSEC reduces the number of parties that can send malicious or forged DNS messages from infinite to a few and where these few are also part of the current infinite.

Re: against dnssec: Is DNSSEC a Government-Controlled PKI?

2015-01-16 Thread Petr Spacek
://sockpuppet.org/blog/2015/01/15/against-dnssec/ Considerable amount of commentary on this article here: https://news.ycombinator.com/item?id=8894902 Wow, it seems that DNSSEC topic joined The Flamewar Club and will have its place next to Windows x *nix flamewars :-) Tomas Hozza and me

Re: against dnssec

2015-01-15 Thread Richard W.M. Jones
On Thu, Jan 15, 2015 at 07:45:00PM -0500, Neal Becker wrote: I personally know nothing of the subject, but found this article, I wonder if there's any truth here? If so, maybe the push for dnssec on f22 isn't as wonderful as supposed: http://sockpuppet.org/blog/2015/01/15/against-dnssec

against dnssec

2015-01-15 Thread Neal Becker
I personally know nothing of the subject, but found this article, I wonder if there's any truth here? If so, maybe the push for dnssec on f22 isn't as wonderful as supposed: http://sockpuppet.org/blog/2015/01/15/against-dnssec/ -- -- Those who don't understand recursion are doomed to repeat

Re: against dnssec

2015-01-15 Thread Paul Wouters
if there's any truth here? If so, maybe the push for dnssec on f22 isn't as wonderful as supposed: http://sockpuppet.org/blog/2015/01/15/against-dnssec/ -- -- Those who don't understand recursion are doomed to repeat it -- devel mailing list devel@lists.fedoraproject.org https

Re: against dnssec

2015-01-15 Thread Reindl Harald
certificate I wonder if there's any truth here? If so, maybe the push for dnssec on f22 isn't as wonderful as supposed: http://sockpuppet.org/blog/2015/01/15/against-dnssec/