[Cerowrt-devel] "DNSSEC considered harmful"

Török Edwin edwin+ml-cerowrt at etorok.net
Sun May 11 06:43:25 PDT 2014


On 05/10/2014 04:30 AM, David P. Reed wrote:
> Reading a lot of this stuff suggests at most that DNSSEC is being overhyped and poorly implemented.
> 
> As a reason to abandon work on deploying DNSSEC so that it's easier to instantiate man in the middle attacks I find it unconvincing.
> 
> Is there an alternative?

For protecting just the DNS client <-> DNS server communication there is http://dnscurve.org/index.html
It doesn't seem to provide a way for a domain owner to cryptographically sign the records though.

Best regards,
--Edwin


More information about the Cerowrt-devel mailing list