On Oct 22, 2013, at 7:42 AM, Daniel Kalchev <dan...@digsys.bg> wrote:
> I for one, do not believe DNSSEC is any difficult. I have turned DNSSEC > wherever I can. It has become easier and easier in the past few years to the > point I would call deploying DNSSEC today trivial. I have therefore changed > my stance with people considering DNSSEC deployment from "careful, this stuff > needs special attention" to "good, encourage those guys". > > See, I can answer such questions. Why can't others? It's difficult because there is not universal support amongst registrars. Once again the wheel gets stuck when the technical side meets the business side. Before someone says "switch registrar", it's usually not that easy and then becomes something resembling a full time project vs "just throwing a switch". Edit a zone file vs "edit, run a script, upload some keys, roll some keys, do some other magic" is harder than edit a zone file. This runs into the same friction issue that using PGP and other tools encounter. It seems simple enough to most folks, but when you add in someone less-technical, it goes off the rails quickly. I can't count the number of times someone emailed me their full keyring or private key when they meant public. It's not as easy as you think it is. - Jared _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
