On Sun, 18 Jan 2015, Neal Becker wrote:
The articles author has responded here:
http://sockpuppet.org/stuff/dnssec-qa.html
This quote caught my attention:
DNSSEC deployment guides go so far as to recommend against deployment of DNSSEC
validation on end-systems. So significant is the inclinati
Neal Becker wrote:
>This quote caught my attention:
>
>DNSSEC deployment guides go so far as to recommend against deployment
>of DNSSEC validation on end-systems.
Where are those guides, who wrote them, and what are their arguments
against local validation?
>So significant is the inclination
>aga
Paul Wouters wrote:
> On Sat, 17 Jan 2015, Björn Persson wrote:
>
>> Both CAs and DNSSEC can be attacked by governments in different ways.
>> The author thinks that DNSSEC is more vulnerable. I happen to disagree,
>> but more importantly, those who feel that they need to can secure their
>> keys
On Sat, 17 Jan 2015, Paul Wouters wrote:
Furthermore, "government control is a simplistic overstatement". For
one, some government is in control of the TLD to begin with. They
can yank your domain or serve it with arbitrary content, regardless
of whether your certificate is validated by CA/PKIX o
Am 18.01.2015 um 03:43 schrieb Kevin Kofler:
Reindl Harald wrote:
in fact DNSSEC is the prerequisite for
http://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities
which has the potential to replace the horrible need of CA signed
certificates for SSL which are in fact *completly* u
On Sun, 18 Jan 2015, Kevin Kofler wrote:
This is becoming rather of-topic for DNS. I think they key thing to
remember is that DNSSEC reduces the number of parties that can send
malicious or forged DNS messages from "infinite" to "a few" and where
these "few" are also part of the current "infinite
Reindl Harald wrote:
> in fact DNSSEC is the prerequisite for
> http://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities
> which has the potential to replace the horrible need of CA signed
> certificates for SSL which are in fact *completly* unrelieable because
> every random of the
On Sat, 17 Jan 2015, Björn Persson wrote:
Both CAs and DNSSEC can be attacked by governments in different ways.
The author thinks that DNSSEC is more vulnerable. I happen to disagree,
but more importantly, those who feel that they need to can secure their
keys both through DANE and with a certif
Neal Becker wrote:
>I personally know nothing of the subject, but found this article, I
>wonder if there's any truth here? If so, maybe the push for dnssec on
>f22 isn't as wonderful as supposed:
>
>http://sockpuppet.org/blog/2015/01/15/against-dnssec/
"DNSSEC
t as
>> > wonderful as supposed:
>> >
>> > http://sockpuppet.org/blog/2015/01/15/against-dnssec/
> Considerable amount of commentary on this article here:
>
> https://news.ycombinator.com/item?id=8894902
Wow, it seems that DNSSEC topic joined The Flamewar Club an
On Thu, Jan 15, 2015 at 07:45:00PM -0500, Neal Becker wrote:
> I personally know nothing of the subject, but found this article, I wonder if
> there's any truth here? If so, maybe the push for dnssec on f22 isn't as
> wonderful as supposed:
>
> http://sockpuppet.or
certificate
I wonder if there's any truth here? If so, maybe the push for
dnssec on f22 isn't as wonderful as supposed:
http://sockpuppet.org/blog/2015/01/15/against-dnssec/
signature.asc
Description: OpenPGP digital signature
--
devel mailing list
devel@lists.fedoraproject
there's any truth here? If so, maybe the push for dnssec on f22 isn't as
> wonderful as supposed:
>
> http://sockpuppet.org/blog/2015/01/15/against-dnssec/
>
> --
> -- Those who don't understand recursion are doomed to repeat it
>
> --
> deve
I personally know nothing of the subject, but found this article, I wonder if
there's any truth here? If so, maybe the push for dnssec on f22 isn't as
wonderful as supposed:
http://sockpuppet.org/blog/2015/01/15/against-dnssec/
--
-- Those who don't understand recursion are d
14 matches
Mail list logo
