[dnssec-deployment] DNSSEC on NANOG
Thierry Moreau
thierry.moreau at connotech.com
Wed Jun 14 12:39:10 EDT 2006
Edward Lewis wrote:
> For those not reading NANOG, there has been a thread ongoing about DLV.
>
I quickly looked at this thread. It discusses DLV, a controversial
approach to circumvent the delay in "root signing" for DNSSEC
deployment. Being controversial, there is an implied thread augmentation
impact.
But, if DLV is being discussed at all, it's a sign that 1) DNSSEC
awareness is expanding, and 2) some participants demonstrate an
awareness of the DNS root signing criticalness
http://www.merit.edu/mail.archives/nanog/msg00551.html.
> What Rick is expressing is the problem with deployment of DNSSEC. The
problem is that no *consumer* of Internet services wants it.
TLD support, hopefully DNS root support, and support by major DNS
technology players (e.g. significant e-commerce operators) should come
first in the chicken-and-egg dilemma of DNSSEC deployment. Then, product
managers of application software will look at DNSSEC seriously.
> So, once again, if the goal is to deploy DNSSEC, efforts must be made
to create demand for it.
What about DKIM as the "killer app" for DNSSEC?
> Making DNSSEC easier or cheaper is not going to help - today DNSSEC
requires *no effort* and *no cost* to *not do it*.
Then we need to make DNSSEC more effective in providing cryptographic
assurance for data retrieved from the DNS global distributed database.
--
- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, Qc
Canada H2M 2A1
Tel.: (514)385-5691
Fax: (514)385-5900
web site: http://www.connotech.com
e-mail: thierry.moreau at connotech.com
More information about the Dnssec-deployment
mailing list