top | item 47190391

(no title)

tptacek | 1 day ago

Nobody has ever disputed that you could run a fully recursive cache on your workstation, only that any ordinary user ever does.

You can see at this point how hollow "DNSSEC" is as an answer to the problem of this thread.

discuss

jcalvinowens|3 hours ago

It's not a full recursive lookup: you don't understand how DNSSEC works. I'm not replying to you any more.

tptacek|3 hours ago

I'm guessing I do. Anyways: no question that there are a variety of experimental setups in which you can address the problem of on-path attackers trivially disabling DNSSEC, freeing you up to work on the next, harder set of DNSSEC security and operational problems.