Executive Order 14144 - encrypted DNS
Crist Clark
cjc+bind-users at pumpky.net
Tue Jan 28 05:32:36 UTC 2025
US Federal civilian agencies have been required to do DNSSEC validation for
over ten years.
On Mon, Jan 27, 2025 at 7:42 PM Grant Taylor via bind-users <
bind-users at lists.isc.org> wrote:
> On 1/27/25 07:02, Carlos Horowicz via bind-users wrote:
> > IMHO this has nothing to do with DNSSEC,
>
> HEAVYsigh
>
> Why do things seem to focus on the encryption of DNS traffic and ignore
> authentication of the information?
>
> I'm sure that all of us are aware that it's perfectly possible for a DoT
> / DoH server to send bogus information through the encryption.
>
> In some ways, advocating for encryption without authentication is akin
> to advocating for self-signed TLS certificates for web-sites. Anybody
> can monkey in the middle the traffic if they want to.
>
> I've not read any of the cited articles yet, but I assume DNS w/ DNSSEC
> through VPN isn't mentioned.
>
>
>
> --
> Grant. . . .
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20250127/7e686894/attachment.htm>
More information about the bind-users
mailing list