[Cerowrt-devel] "DNSSEC considered harmful"
edwin+ml-cerowrt at etorok.net
Sun May 11 09:43:25 EDT 2014
On 05/10/2014 04:30 AM, David P. Reed wrote:
> Reading a lot of this stuff suggests at most that DNSSEC is being overhyped and poorly implemented.
> As a reason to abandon work on deploying DNSSEC so that it's easier to instantiate man in the middle attacks I find it unconvincing.
> Is there an alternative?
For protecting just the DNS client <-> DNS server communication there is http://dnscurve.org/index.html
It doesn't seem to provide a way for a domain owner to cryptographically sign the records though.
More information about the Cerowrt-devel