On 17/12/2024 23:51, cstamas+...@cstamas.hu wrote:
My understanding is that they are using a signer that does not make algorithm rollovers easy. They are going for what seems to be less risky for them.
To put it more strongly, what I got through the grapevine is that the issue is one risk assessment. There is a risk that something will go wrong and that .fi will become bogus. On the other hand, there is essentially no DNSSEC use by bigger sites in .fi.
There are about 7000 sites in .fi that do DANE, but it seems that those are not important enough to warrant keeping .fi signed.
_______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
