Talk:DNSSEC

From Wikipedia, the free encyclopedia

Can someone elaborate on "trust anchors" and the associated "rollover problem". These are mentioned in the article, but no information is given and no links are supplied. Dthvt 23:06, 5 December 2006 (UTC)

[edit] OPT-IN

There should be mention of the OPT-IN controversy. This blocked deployment for many years. --Gorgonzilla 20:16, 11 August 2006 (UTC)

Is there some kind of known plain text attack that can be done on NSEC3 with '.com', '.org', etc... ? —Preceding unsigned comment added by 66.93.109.10 (talk) 14:06, 26 February 2008 (UTC)

[edit] Deployment

The Internet is considered a critical infrastructure by many, yet it was originally based on the fundamentally insecure DNS.

There are a couple problems with that sentence. First, it's not strictly true: The internet builds on the Internet Protocol, and second, it's not actually true: The first name-to-ip translation was done through the hosts file (yes, that hosts file) and administrators asking other administrators to update their copy, and later on updating that file from a central site with a presumably well-known IP address. Third, there is that just about everything on the early internet started out as horribly insecure (the famous hardcoded sendmail backdoor, for one) and amazingly that was, back then, not a problem. Point being that singling out DNS is less than thruthful. Of course this is nitpicking, but we still need a better sentence there. 85.178.92.98 (talk) 11:42, 3 April 2008 (UTC)