[dns-operations] OpenDNS adopts DNSCurve

Matthew Dempsky matthew at dempsky.org
Wed Feb 24 21:58:37 UTC 2010


On Wed, Feb 24, 2010 at 1:39 PM, Crist Clark <Crist.Clark at globalstar.com> wrote:
> Whereas end-to-end security is the purpose of DNSSEC.

As Masataka Ohta has pointed out before, DNSSEC is not end-to-end
secure.  E.g., isc.org is still vulnerable to MITM attacks from
Verisign and Afilias, and Verisign has been fooled into issuing
"Microsoft Corporation" certificates to fraudulent individuals before.



More information about the dns-operations mailing list