[dnssec-coord] Anyone willing to write articles about DNS-over-TLS versus DNSSEC?

Dan York york at isoc.org
Thu Dec 7 08:49:07 PST 2017


DNSSEC-coord members,

On today's brief call one of the points that Paul Wouters brought up was that he's been in a couple of discussions over the past couple of weeks where people thought that using DNS-over-TLS meant they didn't need to use DNSSEC. They have TLS, therefore they are all good, right?  

We may laugh at that statement, but it does point out a lack of clarity around what DNS-over-TLS provides (confidentiality, privacy) versus what DNSSEC provides (integrity, authenticity).  It's a bit like some of the confusion in the past around the similar difference between DNSCrypt and DNSSEC.

Would anyone be willing to  (and have the time to do so over the next month or so) write up an article about what DNS-over-TLS does? And how it relates to DNSSEC?

We discussed on the call that it would be great if we had some article, posted *somewhere*, to which we could point people when these questions come up.

There could, in fact, be *multiple* articles. It doesn't have to just be one.

If anyone does publish such an article and wants to share it with the list, please do. 
If anyone is willing to write an article, but doesn't have a place to publish it, I'm always open to publishing guest blog posts on the Internet Society's site.

Dan

--
Dan York
Senior Manager, Content & Web Strategy, Internet Society
york at isoc.org   +1-802-735-1624 
Jabber: york at jabber.isoc.org  Skype: danyork   http://twitter.com/danyork

http://www.internetsociety.org/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://elists.isoc.org/pipermail/dnssec-coord/attachments/20171207/306105d0/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4075 bytes
Desc: not available
URL: <http://elists.isoc.org/pipermail/dnssec-coord/attachments/20171207/306105d0/attachment.p7s>


More information about the dnssec-coord mailing list