Comment by tptacek
4 hours ago
Neither DNSSEC nor the WebPKI are defenses against phishing. But phishing (registrar ATO more generally) is the dominant vector through which DNS spoofing occurs, and DNSSEC solely addresses DNSSEC spoofing.
4 hours ago
Neither DNSSEC nor the WebPKI are defenses against phishing. But phishing (registrar ATO more generally) is the dominant vector through which DNS spoofing occurs, and DNSSEC solely addresses DNSSEC spoofing.
Do you agree that we don't need HTTPS because phishing is the most common HTTP attack, not MITM?
No? This is the third attempt you've made at this faulty syllogism. If we simply can't resolve enough premises to hash it out, that's fine, we don't have to try to understand each other.