Re: RFC7344 (was: Funky Key Tag in AWS Route53 (2))
On Thu, Dec 29, 2022 at 03:43:35PM -0500, Timothe Litt wrote: ! So much like DNSSEC itself, the technology is there, but the will to use it ! everywhere it's needed is not. Timothy, thank You for the update. I agree to Your viewpoints, and we have seen mostly the same with IPv6. Apparently it needs serious pain to move something in technology that is mostly invisible to the common user. (OTOH we can see new collaboration tools or javascript frameworks every day.) PMc -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: RFC7344 (was: Funky Key Tag in AWS Route53 (2)) (2)
Hi there, On Fri, 30 Dec 2022, Timothe Litt wrote: The problem is politics, not technology. Well there might be a little more to it than that. People just don't know. When my wife asked about the security of her bank's Website they told her, "Don't worry, if there's a little padlock in the box at the top it's secure..." The bank is anonymous here not to protect the guilty, but to highlight the fact that it almost doesn't matter which one you choose. $ whois UK_bank_domain | grep DNSSEC $ -- 73, Ged. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: RFC7344 (was: Funky Key Tag in AWS Route53 (2))
On Fri, Dec 30, 2022 at 12:39:30PM +0100, Peter wrote: > On Thu, Dec 29, 2022 at 03:43:35PM -0500, Timothe Litt wrote: > > ! So much like DNSSEC itself, the technology is there, but the will to use it > ! everywhere it's needed is not. > > Timothy, thank You for the update. I agree to Your viewpoints, and we > have seen mostly the same with IPv6. Apparently it needs serious pain to > move something in technology that is mostly invisible to the common > user. (OTOH we can see new collaboration tools or javascript > frameworks every day.) > > PMc The only hope is for the customers of domain registrars to request that they implement this, and to cite it as a problem when publically reviewing registrars. For example, my registrar has their own API, but that's all. When asked to add support for RFC7344, they say they'll consider it. The more customers who ask for it, the better (I hope). And now that DNSSEC is so much easier to use than in the past, maybe more people will start asking for RFC7344. cheers, raf -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
