Reading a lot of this stuff suggests at most that DNSSEC is being overhyped and poorly implemented.

As a reason to abandon work on deploying DNSSEC so that it's easier to instantiate man in the middle attacks I find it unconvincing.

Is there an alternative?

On May 8, 2014, Maciej Soltysiak <maciej@soltysiak.com> wrote:
>Hi,
>
>I read a twitter conversation last night where somebody said DNSSEC is
>harmful. I asked why and I got this littany of issues:
>http://ianix.com/pub/dnssec-outages.html
>
>I was blown away not only by the sheer evidence of outages, but
>especially
>by the quotes in last sections: Miscellaneous and What a mess.
>
>I don't know, have a look, I just wanted to share as I wasn't aware of
>things that didn't go well with DNSSEC. I'm not suggesting anything re
>Cerowrt here.
>
>Best regards,
>Maciej
>
>
>------------------------------------------------------------------------
>
>_______________________________________________
>Cerowrt-devel mailing list
>Cerowrt-devel@lists.bufferbloat.net
>https://lists.bufferbloat.net/listinfo/cerowrt-devel

-- Sent from my Android device with K-@ Mail. Please excuse my brevity.