[118580] in cryptography@c2.net mail archive
Re: How is DNSSEC
daemon@ATHENA.MIT.EDU (Dave Howe)
Wed Mar 26 13:07:06 2008
Date: Sat, 22 Mar 2008 08:41:07 +0000
From: Dave Howe <DaveHowe@gmx.co.uk>
To: "Email List - Cryptography" <cryptography@metzdowd.com>
In-Reply-To: <47E2EA97.9080001@echeque.com>
James A. Donald wrote:
> From time to time I hear that DNSSEC is working fine, and on examining
> the matter I find it is "working fine" except that ....
DNSSEC is "working fine" as a technology. However, it is worth
remembering that it works based on digitally signing an entire zone -
the state of the world being what it is, most people prohibit xfer so
any other technology that would allow a zonewalk is not going to be
deployed.
as far as I can tell, this is a basic design flaw, so isn't going to be
rectified anytime soon.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
