[liberationtech] decentralized DNS... What's the state of DNSSEC implementation by those on this list.. ?
Seth David Schoen
schoen at eff.org
Thu Mar 15 06:54:59 PDT 2012
Bill Woodcock writes:
> Governments are sovereign, when they want to take something, they can
> do so. That won't change. Making it very clear what's been hijacked
> versus what is legitimate, on the other hand, is well within the
> capabilities of technology, and exactly the point of DNSSEC. If
> a domain has been hijacked, I'm going to look elsewhere for the
> legitimate data, regardless of who did the hijacking, or why they
> thought it was reasonable. That's the point of DNSSEC.
DNSSEC has little relevance to the threats that motivated this thread,
because it doesn't help if you disagree with the registry about what
"hijacked" and "legitimate" mean. There are lots of real Internet
threats that DNSSEC mitigates -- where you _do_ want to know what the
registry thinks and someone else wants to interfere or substitute
their view for the registry's -- but if you think the registry can
be wrong (or is wrong!), DNSSEC can't help you.
--
Seth Schoen <schoen at eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
454 Shotwell Street, San Francisco, CA 94110 +1 415 436 9333 x107
More information about the liberationtech
mailing list