Comment by indolering

3 hours ago

Bad arguments and FUD when it was being rolled out. Sysadmins also don't want to touch working infra code; you can see that with AWS lagging on IPv6.

Who's the most reputable cryptographer you can think of who publicly supports DNSSEC? We'd like to interview them on SCW.

  • You are going to complain that the key sizes are too small despite the guidelines being updated a long time ago. Then you will argue adoption of larger key sizes is too low. Then you will argue that we should just not sign domain name authority delegation records at all (i.e. DNSSEC) and that we should abandon shoring up authenticated DNS because there is no adoption.

    You have any cryptographers that are satisfied with unauthenticated name server checks?