Annotated edit history of
DNSSEC version 3, including all changes.
View license author blame.
| Rev |
Author |
# |
Line |
| 1 |
PerryLorier |
1 |
A standard for signing [DNS] packets, so you can be sure that they aren't faked. This is important to prevent DnsSpoofing attacks. |
| |
|
2 |
|
| |
|
3 |
[DNSSEC] relies on the root zone file being signed by a key that everyone trusts. The problem is, noone signs the root zone file, so the entire system falls apart. You can sign your own zone files, then trust them, which gives you security for some zones, but still says nothing about the rest of them. |
| |
|
4 |
|
| |
|
5 |
I think people aren't interested in using [DNSSEC] since it would reduce the value of [SSL], and therefore reduce the value of [SSL] Certificates which they sell. (As an aside, if you work out a 128 bit SSL Certificate is 8 bytes, and they charge multiple hundred dollars for them. So, about $50US/byte. |
| 2 |
PerryLorier |
6 |
|
| |
|
7 |
See http://www.dnssec.net/ |
| 3 |
MikeBeattie |
8 |
|
| |
|
9 |
---- |
| |
|
10 |
CategoryDns |
