4 comments

[ 3.3 ms ] story [ 19.4 ms ] thread
If this is nearly as interesting or useful than the original post it concerns, I did something wrong.
(comment deleted)
Good post. Interesting info.
The author of this is missing the point of DNSSEC.

They seem to be confusing DNSSEC and functionality that is possible with DNSSEC (DANE/TLSA). Not only that, they don't seem to fully understand DANE (there are modes that complement the traditional CA model, not replace it).

DNSSEC is just another tool. It isn't a panacea.

I definitely urge readers to objectively research the technical aspects of DNSSEC and draw conclusions for themselves.