
Against DNSSEC - rasengan
https://sockpuppet.org/blog/2015/01/15/against-dnssec/
======
tptacek
Please don't use things I wrote as a coatrack to hang advertisements of your
blockchain DNS replacement.

------
rasengan
DNSSEC has long been incomplete. Whoever had control of DNS essentially could
backdoor the entire system [1].

However, now with Handshake [2], DNSSEC has become incredibly useful. TLSA
records can be served directly from the blockchain which means provability
[3]. This is in contrast to the current CA system wherein any CA can generate
a valid certificate.

[1] [https://sockpuppet.org/blog/2016/10/27/14-dns-nerds-dont-con...](https://sockpuppet.org/blog/2016/10/27/14-dns-nerds-dont-control-the-internet/)

[2] [https://handshake.org](https://handshake.org)

[3] [https://github.com/handshake-org/hdns/blob/master/README.md](https://github.com/handshake-org/hdns/blob/master/README.md)

