This tweet and its thread have had over 100,000 views, WHICH WAS UNEXPECTED. There are also some offshoot threads about MITM and Forward Secrecy. While we're at it: ask me anything about TLS/SSL or the crypto involved and I'll answer here. NO SCARY MATH. https://twitter.com/colmmacc/status/978430840198742016
Replying to @colmmacc
What are your opinions on the current state of DNSSEC? It seems to me that it is WAY underemphasized in importance.
Replying to @benkershner
Sure, let me find my notes. Here they are ... DO NOT USE DNSSEC. DNSSEC DOESN'T WORK. DNSSEC CAUSES OUTAGES. DNSSEC MAKES DDOSES WORSE. DO NOT USE DNSSEC.
Replying to @colmmacc
Is DNS security not a sizable issue or is there a better mousetrap out there?
Replying to @benkershner
TLS + Certificate Transparency does a far better job for what DNSSEC aims to do (Hijacking domains, basically). Hail certificate transparency! No good answer yet for secure, private, encrypted DNS. DNSCurve and DoH (DNS over HTTPS) exist, but not practical IMO.
Replying to @colmmacc @benkershner
What’s not practical about DOH? Curious to hear more
DOH is slow and there's a lot of overhead, and from a security POV it's an even bigger TCB in a low-level and security-critical layer. Hard to see it becoming ubiquitous.