[Dnssec-deployment] DNSSEC aware recursive name servers

Paul Vixie vixie at isc.org
Sun Aug 7 01:27:34 EDT 2011


> Date: Sat, 6 Aug 2011 17:01:21 -0700
> From: Kevin Oberman <kob6558 at gmail.com>
> 
> There will be political issues, of course, but if devices and the big
> two OSes ship with a validating recursive resolver and DNSSEC is the
> norm, places will stop blocking it. They do it for monetary reasons
> and customer complaints when this happens will quickly dissuade them
> as lost revenue from customers demanding money back (paid access) or
> just complaining about network problems will exceed the money from the
> re-directs when a query fails.

so, i thought this also, and i presented this approach to the Big Two and
was asked if i was completely crazy or only partly crazy?  no consumer
technology manufacturer is going to ship something that they know in
advance will cause problems for their customers.  so while they could
get the kind of first-mover leverage you're describing, they'd have to
make their customers fire-walk to get it, and they simply will not.  alas.


More information about the Dnssec-deployment mailing list