Re: [DNSOP] Practical issues deploying DNSSEC into the home.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Ted,

What I like about this message is that you have demonstrated the potential severability of these issues.  Things are set up as they are for a matter of scaling.  Clearly it ain't perfect, and as one of my mentors would say, that represents an opportunity.  It's also pretty clear that we should be reviewing this stuff in consultation with ICANN's SSAC committee.

Eliot

On 9/12/13 7:21 PM, Theodore Ts'o wrote:
Fair enough, but if the goal is to prevent pervasive surveillance,
simply using a key exchange which provides perfect forward secrecy
will do that, even given the pathetic state of https security given
the realities of the web and the CA's out there.

Still, I agree with the general precept that perfect should not enemy
of the better, and DNSSEC certainly adds value.  I just get worried
about people who seem to think that DNSSEC is a panacea.

   		      		    	       - Ted




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]