DNSSEC seems to be growing in popularity. At least in the eyes of the American Administration. See:
http://www.schneier.com/blog/archives/2007/04/dept_of_homelan.html
Basically as I understand it DNSSEC adds an extra layer to the BIND protocols in providing signed zone transfers. Since zone transfers are deemed to be arguably the most risky part of running a DNS server, this should be a good thing.
But is it? Do we really want to pay extra for the privilege of extra certification costs. Exactly how important is it to have authorisation from another party when updating or modifying your own domain.
More on the argument against:
http://www.matasano.com/log/754/a-case-against-dnssec-a-matasano-miniseries/
I believe this has to be balanced with the argument I made in Spam Blogs and comment spam.
No comments yet
Comments feed for this article