[dns-operations] OpenDNS adopts DNSCurve
David Conrad
drc at virtualized.org
Wed Feb 24 22:17:49 UTC 2010
On Feb 24, 2010, at 1:58 PM, Matthew Dempsky wrote:
> On Wed, Feb 24, 2010 at 1:39 PM, Crist Clark <Crist.Clark at globalstar.com> wrote:
>> Whereas end-to-end security is the purpose of DNSSEC.
>
> As Masataka Ohta has pointed out before, DNSSEC is not end-to-end
> secure.
Not really. What he has pointed out is that if you redefine terms, you can demonstrate pretty much anything you like.
> E.g., isc.org is still vulnerable to MITM attacks from
> Verisign and Afilias, and Verisign has been fooled into issuing
> "Microsoft Corporation" certificates to fraudulent individuals before.
This sort of reductio ad absurdum argument really is a complete waste of time.
Regards,
-drc
More information about the dns-operations
mailing list