Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
∞ take a peek at our legendary cryptostorm_is twitter feed if you're into that kind of thing ∞
Ξ we're rolling out voodoo network security across cryptostorm - big things happening, indeed! Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit GitHub Ξ
Ξ We've updated our CA certificate. All members need to be using the latest ones by Dec 22. See this page for more infoΞ

[El Reg] Is the DNS' security protocol a waste of everyone's time and money?

Industry news items concerning VPNs, darknets, crypto, surveillance and secure computing.
User avatar

Topic Author
parityboy
Site Admin
Posts: 1220
Joined: Wed Feb 05, 2014 3:47 am

[El Reg] Is the DNS' security protocol a waste of everyone's time and money?

Postby parityboy » Wed Mar 18, 2015 9:49 pm

Internet security experts are arguing over whether a key protocol for protecting the internet's naming systems should be killed off.

DNSSEC was developed in 1994 but it wasn't taken seriously until 2008 when a bug in the domain name system's software made it possible for someone to imitate any server – from websites or email hosts – though "cache poisoning."

After a decade of DNSSEC use (and five since it was used to secure the internet's root), internet experts are now questioning whether we should bother with DNSSEC at all, especially given the difficulty and high cost of rolling it out.

In a blog post at the start of the year, Thomas Ptacek, founder of Matasano Security, laid into the protocol saying it was weak, unsafe, incomplete, unnecessary, expensive and "government controlled."

"There are better DNS security proposals circulating already," he argued. "They tend to start at the browser and work their way back to the roots. Support those proposals, and keep DNSSEC code off your servers."


Source

Return to “crypto, VPN & security news”

Who is online

Users browsing this forum: No registered users and 5 guests

Login