Hacker News new | past | comments | ask | show | jobs | submit login
Against DNSSEC (sockpuppet.org)
2 points by rasengan on March 30, 2020 | hide | past | favorite | 2 comments



Please don't use things I wrote as a coatrack to hang advertisements of your blockchain DNS replacement.


DNSSEC has long been incomplete. Whoever had control of DNS essentially could backdoor the entire system [1].

However, now with Handshake [2], DNSSEC has become incredibly useful. TLSA records can be served directly from the blockchain which means provability [3]. This is in contrast to the current CA system wherein any CA can generate a valid certificate.

[1] https://sockpuppet.org/blog/2016/10/27/14-dns-nerds-dont-con...

[2] https://handshake.org

[3] https://github.com/handshake-org/hdns/blob/master/README.md




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: