[Dnssec-deployment] Analysis of NASA.GOV DNSSEC Issue 18-Jan-2012
owens at nysernet.org
Thu Jan 26 20:19:45 EST 2012
On Thu, Jan 26, 2012 at 10:11:34PM +0000, Paul Vixie wrote:
> "critical mass" for dnssec can be measured a bunch of different ways. an
> important one is: does someone who messes up their zone keys somehow,
> feel less pain (as now) than any particular member of the validator
> population, or more pain (as in the future, which will define "critical
I think that if you asked the NASA DNS admin how he feels, he could tell you about the pain; not so much from the direct impact of the outage, but the aftermath and the silly overreactions. NASA had the bad luck of being the first major site to screw up their DNSSEC after the Comcast switch. Had they rolled their KSK two weeks earlier, there would have been a handful of us noticing and a simple phone call would have taken care of it. Not critical mass yet, but those two weeks made a big difference.
Then again, FTC has two smaller public-facing sites down because of sig expiration, and they can't seem to be bothered to do anything about it. That's the difference between having a major site and a small landing page; even Comcast's mass can't raise the profile enough to cause any pain for them.
More information about the Dnssec-deployment