DNSSEC doesn't actually work. That's not hyperbolic, it really doesn't work. It does cause outages, again, not hyperbole. Please don't mislead users otherwise, it's not responsible. Again: Don't use it.
DNSSEC isn't suited to its role. It doesn't actually work, and it causes outages. Of course I hate that. There's no room for "agree to disagree"; "secure" as a verb doesn't apply to something that uses SHA1.
-
DNSSEC does not rely on collision resistance, only 2nd-preimage resistance. There are no preimage attacks on SHA1, and none expected any time soon. Lots of domains use SHA256 (alg 8). You don't understand RFC 7435. Your absolutist posture is harmful.
-
Nope - DNSSEC is harmful. Don't use it, and please don't mislead users otherwise, it's not responsible! I'm persisting here as your zealous style can give the impression that there are two sides, but there aren't. Hopefully it's noticeable that you don't rebut the points I make.