On Sun, 18 Jan 2015, Neal Becker wrote:
The articles author has responded here:
http://sockpuppet.org/stuff/dnssec-qa.html
This quote caught my attention:
DNSSEC deployment guides go so far as to recommend against deployment of DNSSEC
validation on end-systems. So significant is the inclinati
Neal Becker wrote:
>This quote caught my attention:
>
>DNSSEC deployment guides go so far as to recommend against deployment
>of DNSSEC validation on end-systems.
Where are those guides, who wrote them, and what are their arguments
against local validation?
>So significant is the inclination
>aga
Paul Wouters wrote:
> On Sat, 17 Jan 2015, Björn Persson wrote:
>
>> Both CAs and DNSSEC can be attacked by governments in different ways.
>> The author thinks that DNSSEC is more vulnerable. I happen to disagree,
>> but more importantly, those who feel that they need to can secure their
>> keys
On Sat, 17 Jan 2015, Paul Wouters wrote:
Furthermore, "government control is a simplistic overstatement". For
one, some government is in control of the TLD to begin with. They
can yank your domain or serve it with arbitrary content, regardless
of whether your certificate is validated by CA/PKIX o
Am 18.01.2015 um 03:43 schrieb Kevin Kofler:
Reindl Harald wrote:
in fact DNSSEC is the prerequisite for
http://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities
which has the potential to replace the horrible need of CA signed
certificates for SSL which are in fact *completly* u
On Sun, 18 Jan 2015, Kevin Kofler wrote:
This is becoming rather of-topic for DNS. I think they key thing to
remember is that DNSSEC reduces the number of parties that can send
malicious or forged DNS messages from "infinite" to "a few" and where
these "few" are also part of the current "infinite
Reindl Harald wrote:
> in fact DNSSEC is the prerequisite for
> http://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities
> which has the potential to replace the horrible need of CA signed
> certificates for SSL which are in fact *completly* unrelieable because
> every random of the
On Sat, 17 Jan 2015, Björn Persson wrote:
Both CAs and DNSSEC can be attacked by governments in different ways.
The author thinks that DNSSEC is more vulnerable. I happen to disagree,
but more importantly, those who feel that they need to can secure their
keys both through DANE and with a certif
Neal Becker wrote:
>I personally know nothing of the subject, but found this article, I
>wonder if there's any truth here? If so, maybe the push for dnssec on
>f22 isn't as wonderful as supposed:
>
>http://sockpuppet.org/blog/2015/01/15/against-dnssec/
"DNSSEC is Unnecessary"
His argument seems
On 16.1.2015 05:19, Richard W.M. Jones wrote:> On Thu, Jan 15, 2015 at
07:45:00PM -0500, Neal Becker wrote:
>> > I personally know nothing of the subject, but found this article, I
wonder if
>> > there's any truth here? If so, maybe the push for dnssec on f22 isn't as
>> > wonderful as supposed:
>
On Thu, Jan 15, 2015 at 07:45:00PM -0500, Neal Becker wrote:
> I personally know nothing of the subject, but found this article, I wonder if
> there's any truth here? If so, maybe the push for dnssec on f22 isn't as
> wonderful as supposed:
>
> http://sockpuppet.org/blog/2015/01/15/against-dnss
Am 16.01.2015 um 01:45 schrieb Neal Becker:
I personally know nothing of the subject, but found this article
than you should get some understanding *before* refer to random articles
on the web where the only truth fact is the expensive deployment which
does not bother you on the enduser mach
That article is terrible. I will respond to it later. It is definitely not a
valid reason to revisit the fedora feature.
Paul
Sent from my iPhone
> On Jan 15, 2015, at 19:45, Neal Becker wrote:
>
> I personally know nothing of the subject, but found this article, I wonder if
> there's any t
13 matches
Mail list logo
