(no title)

The APNIC Ping podcast did an excellent 2 part series on the problems of DNSSEC. It puts more responsibility on the DNS systems that are already complex and doing a lot of work.

The CA system with root trusts is just super efficient and easy, so it won.

It’s not perfect, so I’m sure someday it will be replaced, but not by the current options.