8 Dec
2021
8 Dec
'21
10:33 a.m.
Ca By wrote:
It’s quite common for DNSSEC to fail at spectacular scale
What’s uncommon? Attacks that DNSSEC is intended to solve.
DNSSEC is considered harmful on the internet
Correct. The problem is that PKI, in general, does not offer cryptographic security but just assumes intelligent intermediate entities of CAs, which are called trusted third parties, are trustworthy, which is improper social, not cryptographic, assumption as was demonstrated by a compromised CA of diginotar about 10 years ago. https://en.wikipedia.org/wiki/DigiNotar Masataka Ohta