Executive Order 14144 - encrypted DNS
Grant Taylor
gtaylor at tnetconsulting.net
Tue Jan 28 03:42:07 UTC 2025
On 1/27/25 07:02, Carlos Horowicz via bind-users wrote:
> IMHO this has nothing to do with DNSSEC,
HEAVYsigh
Why do things seem to focus on the encryption of DNS traffic and ignore
authentication of the information?
I'm sure that all of us are aware that it's perfectly possible for a DoT
/ DoH server to send bogus information through the encryption.
In some ways, advocating for encryption without authentication is akin
to advocating for self-signed TLS certificates for web-sites. Anybody
can monkey in the middle the traffic if they want to.
I've not read any of the cited articles yet, but I assume DNS w/ DNSSEC
through VPN isn't mentioned.
--
Grant. . . .
More information about the bind-users
mailing list