[128978] in North American Network Operators' Group
Re: DNSSEC and SSL
daemon@ATHENA.MIT.EDU (ML)
Sun Aug 22 09:11:41 2010
Date: Sun, 22 Aug 2010 09:11:43 -0400
From: ML <ml@kenweb.org>
To: Mikael Abrahamsson <swmike@swm.pp.se>
In-Reply-To: <alpine.DEB.1.10.1008220835130.8562@uplift.swm.pp.se>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 8/22/2010 2:38 AM, Mikael Abrahamsson wrote:
> No, because DNSSEC isn't secured all the way from the DNS server to the
> application, only to the resolver. Both systems have problems, I'd
> imagine the best security is when they work together.
>
Is a DNSSEC capable stub resolver not in the cards?
