Nope. It doesn't work, that's the truth. Once again: It doesn't protect the weakest link in the chain at all, and where it tries to, it gets the crypto wrong to the point that it's not secure. It also causes outages. None of this is a matter of opinion. There aren't two sides.
Nope - DNSSEC is harmful. Don't use it, and please don't mislead users otherwise, it's not responsible! I'm persisting here as your zealous style can give the impression that there are two sides, but there aren't. Hopefully it's noticeable that you don't rebut the points I make.
-
Frankly, you don't make any points worth rebutting. Just absolutist pronouncements based on no evidence. Anyway it is clear that you're holding on to your "all or nothing" (i.e. often nothing) security posture. Many of us have figured out why that's a bad idea and moved on.
-
Plenty of evidence for DNSSEC outages, plenty of evidence that DNSSEC does not in fact work, plenty of evidence of DNSSEC in DDoS attacks. Not end-to-end, broken crypto, downgrades, awful trust model, no end-user signaling. Don't use DNSSEC.