nanog mailing list archives
Re: wrt joao damas' DLV talk on wednesday
From: Gadi Evron <ge () linuxbox org>
Date: Tue, 13 Jun 2006 16:14:24 -0500 (CDT)
On Tue, 13 Jun 2006, Rick Wesson wrote:
... and alice has been working on deploying the .org DNSSEC testbed for 6 months now. Thus far my experence with deploying DNSSEC is: its just hard, not fun and for a lack of a better word... it SUCKS. In the last 6months since we deployed it, not one sole has clicked on the [now broken] _SECURE DOMAIN_ link to enable .ORG dnssec capabilities. I know we are a tiny registrar but none of our clients thought it important enough to even try clicking on the _SECURE DOMAIN_ link. So, even DLV is going to take a tremendous marketing effort to get folks to differentiate it from LOCK_DOMAIN which merely prevents the domain from being updated or transfered. DLV is a huge task so be supportive because it will probably fail just like DNSSEC is ...but we might just learn something.
Not every domain out there needs what DNS-SEC can give. Not every domain out there is for a legit site, even if it will use DNS-SEC. A site that cares about its domain being verified as being the right site, would use DNS-SEC. Banks, the root servers, eCommerce, etc. Problem is, in the days of attacks against organizations being directed at users, the verifying client can be thrown aside. That said, it's less problems to fight and makes one front more secure - which is the infrastructure. Strike, that, less of a wh*re for everyone to (ab)use. Gadi.
-rick Paul Vixie wrote:can you say "does not scale?"Indeed.this is why we're trying to sign up some registrars, starting with alice's, who can send us blocks of keys based on their pre-existing trust relationships.
Current thread:
- Re: wrt joao damas' DLV talk on wednesday, (continued)
- Re: wrt joao damas' DLV talk on wednesday Randy Bush (Jun 13)
- Re: wrt joao damas' DLV talk on wednesday Joe Abley (Jun 13)
- Re: wrt joao damas' DLV talk on wednesday Randy Bush (Jun 13)
- Re: wrt joao damas' DLV talk on wednesday Joe Abley (Jun 13)
- Re: wrt joao damas' DLV talk on wednesday Randy Bush (Jun 13)
- Re: wrt joao damas' DLV talk on wednesday Brian McMahon (Jun 13)
- Re: wrt joao damas' DLV talk on wednesday Paul Vixie (Jun 13)
- Re: wrt joao damas' DLV talk on wednesday Randy Bush (Jun 13)
- Re: wrt joao damas' DLV talk on wednesday Paul Vixie (Jun 13)
- Re: wrt joao damas' DLV talk on wednesday Rick Wesson (Jun 13)
- Re: wrt joao damas' DLV talk on wednesday Gadi Evron (Jun 13)
- Re: wrt joao damas' DLV talk on wednesday Randy Bush (Jun 13)
- Re: wrt joao damas' DLV talk on wednesday Gadi Evron (Jun 13)
- Re: wrt joao damas' DLV talk on wednesday Paul Vixie (Jun 13)
- Re: wrt joao damas' DLV talk on wednesday Randy Bush (Jun 13)
- Re: wrt joao damas' DLV talk on wednesday Joseph S D Yao (Jun 13)
- Re: wrt joao damas' DLV talk on wednesday Edward Lewis (Jun 13)
- Re: [nanog] Re: wrt joao damas' DLV talk on wednesday Dan Mahoney, System Admin (Jun 14)
- Re: wrt joao damas' DLV talk on wednesday David W. Hankins (Jun 13)
- Re: wrt joao damas' DLV talk on wednesday Todd Underwood (Jun 12)