I checked that I have written quite a lot on DNSSEC. One thing I miss is that DNSSEC can replace digital certificates in authenticating a website. Digital certificates are quite expensive and they have the function of payload encryption apart from authentication. In case traffic encryption is not required, DNSSEC can provide website authentication satisfactorily at zero cost.
I hope browsers can be equipped with visual indication of DNSSEC status when accessing websites.
No comments:
Post a Comment