> From: Doug Barton <do...@dougbarton.us>

> > >+lots. Penalizing the early adopters simply leads to no deployment.

How long after the start of significant DNSSEC deployment (say the signing of com) will the early adopter period end?

When I saw that comment about early adopters, my first thought was "Yes, perhaps that's a good point for last year, but what about today?" Even Comcast seems to have lost interest in NTA based on the infrequent changes to http://dns.comcast.net/ this year, not to mention that the most recent announced NTA among those pages seems to have been last year.

As far as I can tell from my limited perspective, DNSSEC errors are now more common than they were last year. Contrary to some apparent opinions, I think that's a reason to stuff NTA down the memory hole. With real use will inevitably come a lot of errors, and forever. That is no more unexpected or worse than lame delegations and the many other ways to mess up DNS.

> I continue to maintain that NTAs violate the whole principle of DNSSEC,

Yes! An official protocol definition gets NTA onto checklists and thence into all competing products. That will aid and abet various organizations with reasons to oppose DNSSEC (and DANE), such as authoritarian regimes with firewalls as well as nominally free regimes with more subtle interests in modifying DNS records. After NTA is standard in products, then I bet U.S. ISPs will start getting secret orders concerning its use.

Vernon Schryver v...@rhyolite.com