[Cryptography] Against against DNS (Re: New SSL/TLS certs to each live no longer than 47) days by 2029
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Fri Apr 25 02:22:38 EDT 2025
Jon Callas <jon at callas.org> writes:
>The Geoff Huston essay that Michael Kjörling posted,
><https://blog.apnic.net/2024/05/28/calling-time-on-dnssec/>, is from May 2024
>and jibes with it pretty much. Nine years pass, and while some of the lyrics
>might have changed, the song is still the same.
It actually stretches over a much longer time period, Thomas Ptacek's original
series of essays, which went into much more detail than the 2015 post, was
"The Case Against DNSSEC" from 2007, about the same time attempts were first
made to deploy it. The APNIC post, incidentally on a blog run by an
organisation charged with deploying DNSSEC, that it's essentially failed, is
telling: It's solving a problem that most people don't care about at a cost
that most people do care about.
Peter.
More information about the cryptography
mailing list