Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
∞ take a peek at our legendary cryptostorm_is twitter feed if you're into that kind of thing ∞
Ξ we're rolling out voodoo network security across cryptostorm - big things happening, indeed! Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit GitHub Ξ

[The Register] CloudFlare drinks the DNSSEC kool-aid, offers it on universal basis

Industry news items concerning VPNs, darknets, crypto, surveillance and secure computing.
User avatar

Topic Author
parityboy
Site Admin
Posts: 1096
Joined: Wed Feb 05, 2014 3:47 am

[The Register] CloudFlare drinks the DNSSEC kool-aid, offers it on universal basis

Postby parityboy » Fri Nov 13, 2015 5:13 pm

Allegations regarding DNSSEC's ability to help nosey intelligence agencies were levelled by Thomas Ptacek, founder of Matasano Security, earlier this year. Ptacek's blogpost alleged that DNSSEC was unnecessary, a government-controlled public key infrastructure, cryptographically weak, expensive to adopt, expensive to deploy, unsafe, incomplete, and architecturally unsound.

Ptacek also stated that "DNSSEC doesn't have to happen."

If you’re running systems carefully today, no security problem you have gets solved by deploying DNSSEC. But lots of other problems — software maintenance, network operations, user support, protecting your secrets from NSA/GCHQ — get harder.

It is not only CloudFlare disagreeing with Ptacek, however. Zachary Lym, the lead UX engineer at Namecoin, wrote in response that "DNSSEC is vital to the security of the internet" and offered a counterpoint to each of Ptacek's claims.


Source

Return to “crypto, VPN & security news”

Who is online

Users browsing this forum: No registered users and 5 guests

Login