From: gtaylor@tnetconsulting.net   
      
   On 11/27/24 02:40, Richard Kettlewell wrote:   
   > It’s not enough. It can secure the name-to-address mapping but does   
   > nothing for the security of any data sent or received.   
      
   DNS, without security, doesn't have anything to do with security data   
   sent or received either.   
      
   Apples and lug-nuts always have been and always will be completely   
   different things that do completely different things.   
      
   That being said, DNSSEC can be used to authenticate keys published with   
   DANE (TLSA records) which can be used to encrypt traffic without the   
   need for traditional public key infrastructure (PKI).   
      
   > You need TLS (or SSH, or whatever) as well, and those already deal   
   > with naming.   
      
   None of those actually do / produce the naming.  They only use / consume   
   the naming done / produced by something else; DNS or local hosts entries.   
      
   > So it’s natural to ask why someone would bother with DNSSEC as well,   
   > and hardly surprising that mostly the answer is that people don’t.   
      
   See my previous response about MVP.   
      
      
      
   --   
   Grant. . . .   
      
   --- SoupGate-DOS v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)