On Fri, Aug 15, 2008 at 04:07:03PM -0700, David Conrad wrote: > intervention) or they'll turn off DNSSEC. So, in the worst case, they'll > get bitten and revert back to the same level of security (or lack thereof) > they have today. > > Is this worth blocking DNSSEC deployment?
It seems to me that that story is the one by which DNSSEC becomes permanently hobbled on the Interned, as various overworked or semi-incompetent system administrators make a mistake of this sort and cause sites to go dark for significant portions of the Internet. When the CTO receives the incident report, the CTO is going to say, "So if we never turned on DNSSEC, this wouldn't have happened? Ok. New policy: no DNSSEC." At least, that's the way it would have worked in most large institutions I ever worked in/around. A -- Andrew Sullivan [EMAIL PROTECTED] +1 503 667 4564 x104 http://www.commandprompt.com/ _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
