Re: The problem I see with DNSSEC as a potential end user and administrator.

David Ulevitch <davidu@everydns.net> Fri, 08 August 2008 06:29 UTC

Return-Path: <owner-namedroppers@ops.ietf.org>
X-Original-To: ietfarch-dnsext-archive@core3.amsl.com
Delivered-To: ietfarch-dnsext-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 40C9F3A6C8E; Thu, 7 Aug 2008 23:29:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.437
X-Spam-Level:
X-Spam-Status: No, score=-0.437 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_NET=0.611, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5QxXdSlyXTHL; Thu, 7 Aug 2008 23:29:10 -0700 (PDT)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id 3C5633A68F4; Thu, 7 Aug 2008 23:29:10 -0700 (PDT)
Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1KRLPL-000Ff6-EB for namedroppers-data@psg.com; Fri, 08 Aug 2008 06:25:03 +0000
Received: from [64.158.219.15] (helo=secure.perfectemail.net) by psg.com with smtp (Exim 4.69 (FreeBSD)) (envelope-from <davidu@everydns.net>) id 1KRLPH-000FeV-U1 for namedroppers@ops.ietf.org; Fri, 08 Aug 2008 06:25:01 +0000
Received: (qmail 16144 invoked from network); 8 Aug 2008 06:24:59 -0000
Received: from c-71-202-44-149.hsd1.ca.comcast.net (HELO Zion.local) (71.202.44.149) by secure.perfectemail.net with SMTP; 8 Aug 2008 06:24:59 -0000
Message-ID: <489BE6BA.8050200@everydns.net>
Date: Thu, 07 Aug 2008 23:24:58 -0700
From: David Ulevitch <davidu@everydns.net>
User-Agent: Thunderbird 2.0.0.16 (Macintosh/20080707)
MIME-Version: 1.0
To: Duane <duane@e164.org>
CC: Namedroppers <namedroppers@ops.ietf.org>, Mark Andrews <Mark_Andrews@isc.org>, Paul Vixie <paul@vix.com>, bert hubert <bert.hubert@netherlabs.nl>
Subject: Re: The problem I see with DNSSEC as a potential end user and administrator.
References: <489BE047.1010100@e164.org>
In-Reply-To: <489BE047.1010100@e164.org>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-ID: <namedroppers.ops.ietf.org>

Duane,

Can we get a last name please? We already have one Duane on this list 
and it's hard to know who you are.  Is that too much to ask?  This is an 
IETF mailing list, after all.

-David

Duane wrote:
> I just spoke to Mark on the phone, I'm sure he'll have some interesting
> remarks about that in private, but to sum things up the conclusion I was
> trying (poorly) to get across to Mark was this.
> 
> The higher the perceived cost, and the lower the perceived benefit will
> make people complacent about deploying DNSSEC.
> 
> If the PDF link Bert posted is anything to go by there is a long way to
> go before it's simple enough for people not to care about doing 1 or 2
> things extra to implement DNSSEC.
> 
> However while ever the process is so long and drawn out, regardless of
> how much worst it was in the past, people won't be bothered with it
> until or unless they are personally effected in some respect.
> 
> You can't over come complacency by saying the process is simpler now
> then it used to be and how easy it is to setup, it doesn't wash with me
> or anyone else like me. We all live busy lives and all have better
> things to do then care about if the zone is signed or not at present
> because of a lack of tangible benefit.
> 
> Further more when anything gets more complicated I worry about how much
> additional maintenance work it will take putting out fires in the future
> when something breaks. Something always breaks so it isn't a matter of
> if but when.
> 
> To sum things up, I don't care how easy the people promoting DNSSEC is,
> it is still much too drawn out and I have better things to do with my
> time then doing a bunch on mundane and repetitive things which computers
> are so much better at.
> 
> Make the setup so easy a cave man could do it, or even better, fully
> automate then when there is no perceived additional cost people will
> start adopting it.
> 


--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>