against dnssec
Kevin Kofler
kevin.kofler at chello.at
Sun Jan 18 02:43:00 UTC 2015
Reindl Harald wrote:
> in fact DNSSEC is the prerequisite for
> http://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities
> which has the potential to replace the horrible need of CA signed
> certificates for SSL which are in fact *completly* unrelieable because
> every random of the thousands entities your browsers trusts can sign any
> random domain certificate
The article also addresses (or claims to address) that, claiming that DANE
only moves us from private cartel control to government control, which is
not necessarily an improvement.
Kevin Kofler
More information about the devel
mailing list