[170873] in North American Network Operators' Group
Re: DNSSEC?
daemon@ATHENA.MIT.EDU (Chris Adams)
Fri Apr 11 15:25:55 2014
Date: Fri, 11 Apr 2014 14:25:29 -0500
From: Chris Adams <cma@cmadams.net>
To: nanog@nanog.org
Mail-Followup-To: nanog@nanog.org
In-Reply-To: <201404111835.s3BIZcqQ003034@world.std.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Once upon a time, Barry Shein <bzs@world.std.com> said:
> So, DNSSEC is also compromised by this heartbleed bug, right?
No, wrong. The OpenSSL bug involves an extension to the TLS protocol
called "heartbeat" (basically like a TCP or PPP keepalive).
DNSSEC does not use TLS (or any other kind of transport encryption).
--
Chris Adams <cma@cmadams.net>
