[Dnssec-deployment] PayPal says they are now all signed (Akamai)

Dave Lawrence tale at dd.org
Thu Dec 15 16:32:26 EST 2011


Morizot Timothy S writes:
>  Well, it's a FISMA requirement (control SC 20(1) from SP
> 800-53rev3) and any portion of a contracted service (in this case the
> CDN and the DNS for it) which supports a federal government system
> falls within the FISMA boundary. So their federal government
> customers, at least, will be demanding it. 

I do not interact directly with the government customers (or any
customers, for that matter) so I can't make any sort of authoritative
claims on just how much interest they've shown in complete end-to-end
signing, but from where I'm sitting it appears to be slim to none.

The order actually was a large part of the impetus for the DNSSEC
signing service that we implemented on our hosted zone
product. Outwardly it seems like the requirement is going largely
ignored by a number of US government agencies, apparently without any
repercussions.



More information about the Dnssec-deployment mailing list