[dns-operations] OpenDNS adopts DNSCurve

David Conrad drc at virtualized.org
Wed Feb 24 22:17:49 UTC 2010


On Feb 24, 2010, at 1:58 PM, Matthew Dempsky wrote:
> On Wed, Feb 24, 2010 at 1:39 PM, Crist Clark <Crist.Clark at globalstar.com> wrote:
>> Whereas end-to-end security is the purpose of DNSSEC.
> 
> As Masataka Ohta has pointed out before, DNSSEC is not end-to-end
> secure.  

Not really. What he has pointed out is that if you redefine terms, you can demonstrate pretty much anything you like.

> E.g., isc.org is still vulnerable to MITM attacks from
> Verisign and Afilias, and Verisign has been fooled into issuing
> "Microsoft Corporation" certificates to fraudulent individuals before.

This sort of reductio ad absurdum argument really is a complete waste of time.

Regards,
-drc




More information about the dns-operations mailing list