Hi Enrique,
On Sat, Dec 2, 2017 at 1:32 PM, Enrique Chaparro
<[log in to unmask]> wrote:
> There is an interesting side to consider — and if I were any of the
> BRICS governments I would have paid close attention to it): since
> DNSSEC extensions (RFCs 2535, 4033, 4034 and related ones) started
> to spread, the whole name system structure became completely dependent
> on a strongly hierachycal chain of authentication
correct
> relying on CAx
DNSSEC uses crypto signatures, not certificate authorities,
> which, if controlled by an adversary, could black out huge sectors
> of the 'net. DNSSEC is also prone to government snooping (and in
> this case that should be read as 'other governments' snooping).
nope, not prone to snooping by anyone, not anymore than the regular
DNS is prone to "snooping".
--
Cheers,
McTim
The 'name' of a resource indicates *what* we seek, an 'address'
indicates *where* it is, and a 'route' tells us *how to get there*.
|