(Repost of <https://news.ycombinator.com/item?id=38570370>)
(Repost of <https://news.ycombinator.com/item?id=38570370>)
edit: maybe even invite 2 or 3 DNSSEC advocates @tptacek :)
• Blog post: <https://blog.technitium.com/2023/05/for-dnssec-and-why-dane-...>
• As a podcast episode: <https://blog.apnic.net/2023/03/16/podcast-dnssec-the-case-fo...>
If we could find a credible DNSSEC advocate (for our audience; that is: a cryptography engineer, vulnerability researcher, or an engineering leader at a major firm), we would absolutely invite them on.
'teddyh below gave you links to two pro-DNSSEC resources; fun note: the latter source (Geoff Huston, one of the world's more respected networking researchers) has since then written this:
IPv6 doesn't have that problem, though.
“I guess the question we should be asking is — if we want a secured namespace what aspects should we change about the way DNSSEC is used to make it simpler, faster, and more robust?”