RT @tqbf: Google takes an affirmative step towards finally killing off DNSSEC, deploys MTA-STS. https://security.googleblog.com/2019/04/gmail-making-email-more-secure-with-mta.html …
DNSSEC doesn’t guarantee you that you are connecting to the right server. Domain names expire and switch hands all the time. Not so relevant for SSH, quite relevant for email and DNS-over-TLS/HTTPS.
-
This just exceeded my understanding. Doesn't DNSSEC just make sure I'm connecting to the correct IP address for that hostname?
-
Yes, but note that’s not enough for security! All that told you is that you can trust the mapping between name and IP. But IP addresses aren’t cryptographically trustworthy either!