The author of this is missing the point of DNSSEC.
They seem to be confusing DNSSEC and functionality that is possible with DNSSEC (DANE/TLSA). Not only that, they don't seem to fully understand DANE (there are modes that complement the traditional CA model, not replace it).
DNSSEC is just another tool. It isn't a panacea.
I definitely urge readers to objectively research the technical aspects of DNSSEC and draw conclusions for themselves.
4 comments
[ 3.3 ms ] story [ 19.4 ms ] threadThey seem to be confusing DNSSEC and functionality that is possible with DNSSEC (DANE/TLSA). Not only that, they don't seem to fully understand DANE (there are modes that complement the traditional CA model, not replace it).
DNSSEC is just another tool. It isn't a panacea.
I definitely urge readers to objectively research the technical aspects of DNSSEC and draw conclusions for themselves.