Anyone else seeing DNSSEC failures from EU Commission ? (european-union.europa.eu)
Masataka Ohta
mohta at necom830.hpcl.titech.ac.jp
Wed Dec 8 15:33:46 UTC 2021
Ca By wrote:
> It’s quite common for DNSSEC to fail at spectacular scale
> What’s uncommon? Attacks that DNSSEC is intended to solve.
> DNSSEC is considered harmful on the internet
Correct.
The problem is that PKI, in general, does not offer cryptographic
security but just assumes intelligent intermediate entities of CAs,
which are called trusted third parties, are trustworthy, which
is improper social, not cryptographic, assumption as was demonstrated
by a compromised CA of diginotar about 10 years ago.
https://en.wikipedia.org/wiki/DigiNotar
Masataka Ohta
More information about the NANOG
mailing list