[dns-operations] Is DNSSEC causing more problems than it solves.
Paul Vixie
paul at redbarn.org
Tue Feb 23 15:38:02 UTC 2016
Brett wrote:
> Note the subject is from the article and of course not my opinion.
>
> Thought some of you might find this (and the linked documents and blog
> posts) interesting.
marie already linked my previously expressed views into this thread, so
let me add something new:
>
> http://www.theregister.co.uk/2016/02/23/dnssec_more_problem_than_solution/
>
if the ultimate benefit of dnssec is JUST and ONLY to allow caching
recursives to detect and reject end to end tampering, then that good is
not as large as the risk and cost of deploying dnssec.
however, the end game here is dnssec-aware applications, like DANE. and
that outcome is well worth all known and imaginable risks and costs of
deploying dnssec.
so, the headline above could be true, "from a certain point of view."
--
P Vixie
More information about the dns-operations
mailing list