[dns-operations] DNS challenge+response paper

Petr Špaček petr.spacek at nic.cz
Fri Jun 22 11:47:17 UTC 2018


On 22.6.2018 12:56, Tony Finch wrote:
> Mark Andrews <marka at isc.org> wrote:
>>
>> DTLS also brings with it all the parts of the code that have been really
>> buggy in OpenSSL to both the client and the server.
> 
> Yes, it gives me the heebie-jeebies, but I think I'm remembering the
> 2014-2016 period when there were a lot of really nasty DTLS bugs. It has
> been a lot quieter in the last two years, which is good to see. Perhaps my
> wariness is no longer justified...
We have seen bunch of bugs in implementations of TLS, DTLS, and DNSSEC
validation as well.

Does it mean we should be not be using any of these technologies?
I do not think so.

-- 
Petr Špaček  @  CZ.NIC



More information about the dns-operations mailing list