Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
∞ take a peek at our legendary cryptostorm_is twitter feed if you're into that kind of thing ∞
Ξ we're rolling out voodoo network security across cryptostorm - big things happening, indeed! Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit GitHub Ξ

[The Register] CloudFlare drinks the DNSSEC kool-aid, offers it on universal basis

Freewheeling spot to chew the fat on anything cryptostorm-related that doesn't fit elsewhere (i.e. support, howto, &c.). Criticism & praise & brainstorming & requests for explanation... this is where it goes when it's hot & ready for action! :-)
User avatar

Topic Author
parityboy
ForumHelper
Posts: 905
Joined: Wed Feb 05, 2014 3:47 am

[The Register] CloudFlare drinks the DNSSEC kool-aid, offers it on universal basis

Postby parityboy » Fri Nov 13, 2015 5:13 pm

Allegations regarding DNSSEC's ability to help nosey intelligence agencies were levelled by Thomas Ptacek, founder of Matasano Security, earlier this year. Ptacek's blogpost alleged that DNSSEC was unnecessary, a government-controlled public key infrastructure, cryptographically weak, expensive to adopt, expensive to deploy, unsafe, incomplete, and architecturally unsound.

Ptacek also stated that "DNSSEC doesn't have to happen."

If you’re running systems carefully today, no security problem you have gets solved by deploying DNSSEC. But lots of other problems — software maintenance, network operations, user support, protecting your secrets from NSA/GCHQ — get harder.

It is not only CloudFlare disagreeing with Ptacek, however. Zachary Lym, the lead UX engineer at Namecoin, wrote in response that "DNSSEC is vital to the security of the internet" and offered a counterpoint to each of Ptacek's claims.


Source

Return to “general chat, suggestions, industry news”

Who is online

Users browsing this forum: No registered users and 8 guests

Login