Path: ...!news.mixmin.net!proxad.net!feeder1-2.proxad.net!usenet-fr.net!news.gegeweb.eu!gegeweb.org!nntp.terraraq.uk!.POSTED.tunnel.sfere.anjou.terraraq.org.uk!not-for-mail
From: Richard Kettlewell <invalid@invalid.invalid>
Newsgroups: comp.misc
Subject: Re: [LINK] Calling time on DNSSEC?
Date: Wed, 27 Nov 2024 08:40:16 +0000
Organization: terraraq NNTP server
Message-ID: <wwva5dlul1r.fsf@LkoBDZeT.terraraq.uk>
References: <67464f37@news.ausics.net>
	<vi68n4$k3r$1@tncsrv09.home.tnetconsulting.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Injection-Info: innmantic.terraraq.uk; posting-host="tunnel.sfere.anjou.terraraq.org.uk:172.17.207.6";
	logging-data="20868"; mail-complaints-to="usenet@innmantic.terraraq.uk"
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)
Cancel-Lock: sha1:wkgTwQFXhvIGKj24UCaUKqEZ0GU=
X-Face: h[Hh-7npe<<b4/eW[]sat,I3O`t8A`(ej.H!F4\8|;ih)`7{@:A~/j1}gTt4e7-n*F?.Rl^
     F<\{jehn7.KrO{!7=:(@J~]<.[{>v9!1<qZY,{EJxg6?Er4Y7Ng2\Ft>Z&W?r\c.!4DXH5PWpga"ha
     +r0NzP?vnz:e/knOY)PI-
X-Boydie: NO
Bytes: 2056
Lines: 23

Grant Taylor <gtaylor@tnetconsulting.net> writes:
> On 11/26/24 16:44, Computer Nerd Kev wrote:
>>   How have we got to this point?" ...
>
> Too many people stop once they achieve what they think is the minimum
> viable product.  Basic insecure DNS is that MVP when it comes to name
> resolution.
> 
> People move on to other MVP tasks that demand their attention and
> never get back around to DNSSEC.
>
> I've been using DNSSEC for 10-15 years with effectively minimal
> problems.

I use it too, a bit.

It’s not enough. It can secure the name-to-address mapping but does
nothing for the security of any data sent or received. You need TLS (or
SSH, or whatever) as well, and those already deal with naming.  So it’s
natural to ask why someone would bother with DNSSEC as well, and hardly
surprising that mostly the answer is that people don’t.

-- 
https://www.greenend.org.uk/rjk/