The author of this is missing the point of DNSSEC.
They seem to be confusing DNSSEC and functionality that is possible with DNSSEC (DANE/TLSA). Not only that, they don't seem to fully understand DANE (there are modes that complement the traditional CA model, not replace it).
DNSSEC is just another tool. It isn't a panacea.
I definitely urge readers to objectively research the technical aspects of DNSSEC and draw conclusions for themselves.
[+] [-] tptacek|11 years ago|reply
[+] [-] unknown|11 years ago|reply
[deleted]
[+] [-] msturgill|11 years ago|reply
They seem to be confusing DNSSEC and functionality that is possible with DNSSEC (DANE/TLSA). Not only that, they don't seem to fully understand DANE (there are modes that complement the traditional CA model, not replace it).
DNSSEC is just another tool. It isn't a panacea.
I definitely urge readers to objectively research the technical aspects of DNSSEC and draw conclusions for themselves.
[+] [-] owly|11 years ago|reply