against dnssec
Reindl Harald
h.reindl at thelounge.net
Fri Jan 16 02:30:12 UTC 2015
Am 16.01.2015 um 01:45 schrieb Neal Becker:
> I personally know nothing of the subject, but found this article
than you should get some understanding *before* refer to random articles
on the web where the only truth fact is the expensive deployment which
does not bother you on the enduser machine
frankly there is so much crap in context of encryption and security on
the web written by clueless people and way too often blindly followed by
also clueless admins breaking there setup without notice and
recommending others to do the same
in fact DNSSEC is the prerequisite for
http://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities
which has the potential to replace the horrible need of CA signed
certificates for SSL which are in fact *completly* unrelieable because
every random of the thousands entities your browsers trusts can sign any
random domain certificate
> I wonder if there's any truth here? If so, maybe the push for
> dnssec on f22 isn't as wonderful as supposed:
>
> http://sockpuppet.org/blog/2015/01/15/against-dnssec/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20150116/5406077c/attachment.sig>
More information about the devel
mailing list