DNSSEC/Against DNSSECについて、ここに記述してください。

http://sockpuppet.org/blog/2015/01/15/against-dnssec/

Against DNSSEC

it was weak, unsafe, incomplete, unnecessary, expensive and "government controlled."

DNSSEC doesn’t have to happen. Don’t support it.

Questions and Answers from "Against DNSSEC" http://sockpuppet.org/stuff/dnssec-qa.html

What’s the alternative to DNSSEC?

Do nothing. The DNS does not urgently need to be secured.


DNSCurve がおすすめ。 -- ToshinoriMaeno 2015-03-21 00:30:14


DNSSEC is Unnecessary

All secure crypto on the Internet assumes that the DNS lookup from names to IP addresses are insecure. 

With TLS properly configured, DNSSEC adds nothing.

だが、

the problem is “validating domain ownership via email” in the first place, not that the DNS is insecure.

DNSSEC is a Government-Controlled PKI

DNSSEC is Cryptographically Weak

DNSSEC is Expensive To Adopt

DNSSEC is Expensive To Deploy

DNSSEC is Incomplete

DNSSEC is Unsafe

DNSSEC is Architecturally Unsound