|
| ▲ | farfatched 10 minutes ago | parent | next [-] |
| Yes, it's a crappy outcome, but endpoints can still choose to enforce this. Further, it's not a persuasive argument against more DNSSEC usage, since if there was more DNSSEC usage then resolvers would be more reluctant to disable it. |
|
| ▲ | pocksuppet an hour ago | parent | prev [-] |
| If there's going to be a single point of failure in front of your website, that single point of failure may as well be the only single point of failure instead of having two single points of failure, and it's probably important that people can't hack it. |
| |
| ▲ | akerl_ 44 minutes ago | parent | next [-] | | Nobody had to hack it. A system at DENIC broke, and so Cloudflare turned off DNSSEC validation for all of their users accessing .de. If DNSSEC was actually important for the security model of those users, that would be a huge deal. | |
| ▲ | tptacek 40 minutes ago | parent | prev [-] | | This is a non sequitur. |
|
