PKA support

Klaus Ethgen klaus+gnupg at ethgen.ch
Fri Apr 10 17:20:39 CEST 2026


On Fri, 10 Apr 2026 at 15:23, Jakob Bohm via Gnupg-users wrote:
> On 10/04/2026 09:41, Klaus Ethgen wrote:
> > Hi,
> >
> > On Fri, 10 Apr 2026 at 8:28, Werner Koch wrote:
> >> And: DNS is not more secure given all the problems and the move from DNS
> >> to HTTPS based DNS lookup in the browsers.
> > Well, if you do DNSSEC, it is much more secure than HTTPS. However, the
> > problem is that major players do not care about implementing it. For
> > example, Hetzner still does not allow adding DNSSEC glue to the
> > registration. There was a solution for this, but ISC closed it down as
> > "all country toplevel domains support DNSSEC", fully ignoring that the
> > registrars don't.
> >
> > Another problem is players such as big tech making it hard to make use
> > of DNSSEC.
> Plus the major design flaw that DNSSEC is an automatic footgun. Any
> failure to regularly apply your signature refresh scripts with access
> to your secret keys causes the signed domain/zone to become unreadable.
> That scenario may be triggered by loss of the private key (think lost
> equipment) and/or any unfortunately timed interruption in ability to
> run the scripts.

Well, either you see security as important or you don't. If you fail,
learn and try again.

I don't think that any noob should do their security. This should be
done by experts. And they need to be paid fairly for that.

Regards
   Klaus
-- 
Klaus Ethgen                                       http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16            Klaus Ethgen <Klaus at Ethgen.ch>
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C