1 post • joined 6 Apr 2007
DNSSEC has nothing to do with SSL!
Just because DNSSEC is about "Security", you've jumped to the conclusion that this has something to do with the US spying on you. These keys have nothing to do with encryption keys, just like your car key can't open the door to your house.
The point of DNSSEC is to assure that when you go to www.yourbank.com or www.yourcreditcard.com that you aren't at a spoofed site that's trying to steal your identity. It assures that the site's name was resolved through a trusted DNS server. That's it. Nothing more.
Having that key doesn't allow them to unencrypt SSL communications or any kind of coded communications. And the only thing they could do with it is to redirect an entire top-level-domain (.com, .org, etc.) and try to get that redirect to propagate throughout the entire Internet name servers. Do you seriously think that could happen without anyone noticing? And even if they did, what would it accomplish? What would be the point? And if they ever did try it, all an ISP would have to do is ignore the DNSSEC certificates. Everything would work exactly as it does now.
The Internet is what it is today because of not just the US's inventions, but also of it's largely hands-off attitude toward management. If you think the Internet would be better off with China, Brazil, Myanmar, or Zimbabwe managing it, good luck with that.