Differences between current version and predecessor to the previous major change of DNSSEC.
Other diffs: Previous Revision, Previous Author, or view the Annotated Edit History
| Newer page: | version 3 | Last edited on Wednesday, November 24, 2004 4:27:46 pm | by MikeBeattie | |
| Older page: | version 1 | Last edited on Friday, February 21, 2003 5:28:22 pm | by PerryLorier | Revert |
@@ -2,4 +2,9 @@
[DNSSEC] relies on the root zone file being signed by a key that everyone trusts. The problem is, noone signs the root zone file, so the entire system falls apart. You can sign your own zone files, then trust them, which gives you security for some zones, but still says nothing about the rest of them.
I think people aren't interested in using [DNSSEC] since it would reduce the value of [SSL], and therefore reduce the value of [SSL] Certificates which they sell. (As an aside, if you work out a 128 bit SSL Certificate is 8 bytes, and they charge multiple hundred dollars for them. So, about $50US/byte.
+
+See http://www.dnssec.net/
+
+----
+CategoryDns
