How is DNSSEC
Dave Howe
DaveHowe at gmx.co.uk
Sat Mar 22 04:41:07 EDT 2008
James A. Donald wrote:
> From time to time I hear that DNSSEC is working fine, and on examining
> the matter I find it is "working fine" except that ....
DNSSEC is "working fine" as a technology. However, it is worth
remembering that it works based on digitally signing an entire zone -
the state of the world being what it is, most people prohibit xfer so
any other technology that would allow a zonewalk is not going to be
deployed.
as far as I can tell, this is a basic design flaw, so isn't going to be
rectified anytime soon.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list