against dnssec

[Kevin Kofler]

Reindl Harald wrote:
> in fact DNSSEC is the prerequisite for
> http://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities
> which has the potential to replace the horrible need of CA signed
> certificates for SSL which are in fact *completly* unrelieable because
> every random of the thousands entities your browsers trusts can sign any
> random domain certificate

The article also addresses (or claims to address) that, claiming that DANE 
only moves us from private cartel control to government control, which is 
not necessarily an improvement.

        Kevin Kofler