## page was renamed from DNSSEC/Against DNSSEC
DNSSEC/Against DNSSECについて、ここに記述してください。

http://sockpuppet.org/blog/2015/01/15/against-dnssec/ 

Against DNSSEC
  Thomas Ptacek, founder of Matasano Security

it was weak, unsafe, incomplete, unnecessary, expensive and "government controlled."


DNSSEC doesn’t have to happen. Don’t support it.

Questions and Answers from "Against DNSSEC"
http://sockpuppet.org/stuff/dnssec-qa.html

{{{
What’s the alternative to DNSSEC?

Do nothing. The DNS does not urgently need to be secured.
}}}

----
[[DNSCurve]] がおすすめ。　-- ToshinoriMaeno <<DateTime(2015-03-21T09:30:14+0900)>>
-------
DNSSEC is Unnecessary
{{{
All secure crypto on the Internet assumes that the DNS lookup from names to IP addresses are insecure. 
}}}
    これが本当ならいいのだが。
{{{
With TLS properly configured, DNSSEC adds nothing.
}}}

だが、
{{{
the problem is “validating domain ownership via email” in the first place, not that the DNS is insecure.
}}}

DNSSEC is a Government-Controlled PKI

DNSSEC is Cryptographically Weak

DNSSEC is Expensive To Adopt

DNSSEC is Expensive To Deploy

DNSSEC is Incomplete

DNSSEC is Unsafe

DNSSEC is Architecturally Unsound