How is DNSSEC

Dave Howe DaveHowe at gmx.co.uk
Sat Mar 22 04:41:07 EDT 2008


James A. Donald wrote:
>  From time to time I hear that DNSSEC is working fine, and on examining 
> the matter I find it is "working fine" except that ....

DNSSEC is "working fine" as a technology. However, it is worth 
remembering that it works based on digitally signing an entire zone - 
the state of the world being what it is, most people prohibit xfer so 
any other technology that would allow a zonewalk is not going to be 
deployed.

as far as I can tell, this is a basic design flaw, so isn't going to be 
rectified anytime soon.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list