Re: Proposed DNSSEC Plenary Experiment for IETF 74

[Stephane Bortzmeyer <bortzmeyer at nic.fr>]

On Thu, Nov 27, 2008 at 07:49:13PM +0000,
 Matthew Ford <ford at isoc.org> wrote 
 a message of 13 lines which said:

> After all the years of FUD surrounding DNSSEC deployment, I feel
> quite strongly that having the IETF do as you suggested and then be
> able to point to 'no discernible impact' on the network would be a
> significant milestone.

That would prove nothing: failures will DNSSEC do not happen every
day. Signatures expire, people stop signing without telling the parent
zone, keys rolls over, but it may not happen during these few days.

You see the actual problems with DNSSEC (which are *not* FUD) when you
run it every day, for several months. 

<flame>Read the pro-DNSSEC responses to US govermnent's survey
<http://www.ntia.doc.gov/dns/dnssec.html> and see how many of these
people who tell Obama to sign, signed themselves their zone.</flame>

_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www.ietf.org/mailman/listinfo/ietf