DNSSEC and ISPs faking DNS responses

Roland Dobbins rdobbins at arbor.net
Sat Nov 14 12:29:10 UTC 2015

On 14 Nov 2015, at 16:27, Owen DeLong wrote:

> Today.

Yes, today, and tomorrow, and next week, and next month, and next year, 

> Why on earth do you assume that this will not continue to expand 
> and/or accelerate its rate of expansion as word spreads that it is 
> possible?

Because it isn't a simple default.

If it ever becomes a simple default, we'll start to see greater 
adoption.  And probably not in the form of 'tunneling-everything' VPNs, 
but 'application VPNs' which automagically utilize SSL/TLS

Roland Dobbins <rdobbins at arbor.net>

More information about the NANOG mailing list