Home
Main website
Display Sidebar
Hide Ads
Recent Changes
View Source:
DNSSEC
Edit
PageHistory
Diff
Info
LikePages
A standard for signing [DNS] packets, so you can be sure that they aren't faked. This is important to prevent DnsSpoofing attacks. [DNSSEC] relies on the root zone file being signed by a key that everyone trusts. The problem is, noone signs the root zone file, so the entire system falls apart. You can sign your own zone files, then trust them, which gives you security for some zones, but still says nothing about the rest of them. I think people aren't interested in using [DNSSEC] since it would reduce the value of [SSL], and therefore reduce the value of [SSL] Certificates which they sell. (As an aside, if you work out a 128 bit SSL Certificate is 8 bytes, and they charge multiple hundred dollars for them. So, about $50US/byte. See http://www.dnssec.net/ ---- CategoryDns
4 pages link to
DNSSEC
:
MetaNetToDo
SSLNotes
OpportunisticEncryption
AAAAvsA6
