[Dnssec-deployment] RRSIG for arpa expired
Tony Finch
dot at dotat.at
Mon Jun 7 14:56:22 EDT 2010
On Mon, 7 Jun 2010, Michael Graff wrote:
>
> One would argue then, if we live in that world forever, is there really
> any value in DNSSEC? It seems there was not for SMTP.
It's not a good comparison. There is no specification for inter-domain TLS
authentication for SMTP which is why it doesn't provide significant
amounts of added security. It's a useless mess. SMTP+TLS does provide
reasonable security for message submission, though most MUAs have brain
damaged configuration.
The DNSSEC specification is much more comprehensive and implementations
default to secure not insecure.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
IRISH SEA: EAST OR NORTHEAST 3 OR 4, INCREASING 5 AT TIMES. SMOOTH OR SLIGHT,
OCCASIONALLY MODERATE. OCCASIONAL RAIN OR SHOWERS, FOG PATCHES. MODERATE OR
GOOD, OCCASIONALLY VERY POOR.
More information about the Dnssec-deployment
mailing list