[Cryptography] DNS subverted to spy on N Korea

Lodewijk andré de la porte l at odewijk.nl
Thu Jan 22 08:03:31 EST 2015

2015-01-19 16:19 GMT+01:00 Henry Baker <hbaker1 at pipeline.com>:

> and we need DNSSEC to protect ourselves from fraudulent DNS results."

This is FUD, DNSSEC is also subvertable by the NSA. We need something else
that hasn't been invented yet, and nobody has sufficient clue on how to
make it happen. There's things like namecoin and .onion, and namecoin is
definitely pretty decent. Namecoin's gotten very little love because it's
got the same features as DNS has already.

Bottom line? DNS isn't ever going to be secure, but it's already three
quarters decent (the last quarter is gov-level-attack or better). Try not
to expect it to be.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150122/1a1acfdf/attachment.html>

More information about the cryptography mailing list