IETF Logo Mail Archive

Re: The problem I see with DNSSEC as a potential end user and administrator.

Stefan Schmidt <zaphodb@zaphods.net> Fri, 08 August 2008 10:25 UTC

Return-Path: <owner-namedroppers@ops.ietf.org>
X-Original-To: ietfarch-dnsext-archive@core3.amsl.com
Delivered-To: ietfarch-dnsext-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 78D413A6CEB; Fri, 8 Aug 2008 03:25:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.111
X-Spam-Level:
X-Spam-Status: No, score=-101.111 tagged_above=-999 required=5 tests=[BAYES_05=-1.11, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RnYg4qbTEJYl; Fri, 8 Aug 2008 03:25:42 -0700 (PDT)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id 941073A6CAD; Fri, 8 Aug 2008 03:25:42 -0700 (PDT)
Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1KRP6J-000J1P-E0 for namedroppers-data@psg.com; Fri, 08 Aug 2008 10:21:39 +0000
Received: from [2001:748:301::2] (helo=shinjuku.zaphods.net) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69 (FreeBSD)) (envelope-from <zaphodb@zaphods.net>) id 1KRP6F-000IzT-HT for namedroppers@ops.ietf.org; Fri, 08 Aug 2008 10:21:37 +0000
Received: from zaphodb by shinjuku.zaphods.net with local (Exim 4.69) (envelope-from <zaphodb@zaphods.net>) id 1KRP6D-00014I-3L for namedroppers@ops.ietf.org; Fri, 08 Aug 2008 12:21:33 +0200
Date: Fri, 08 Aug 2008 12:21:32 +0200
From: Stefan Schmidt <zaphodb@zaphods.net>
To: Namedroppers <namedroppers@ops.ietf.org>
Subject: Re: The problem I see with DNSSEC as a potential end user and administrator.
Message-ID: <20080808102132.GO18233@zaphods.net>
References: <489BE047.1010100@e164.org> <e90946380808080203g65c99a72meca9db15c1194df1@mail.gmail.com> <489C0E08.3040406@e164.org> <e90946380808080218n7acddd46gd99d39fa71edcb26@mail.gmail.com> <489C112A.8000306@e164.org> <e90946380808080232w756e1123u2237fa1ac846173f@mail.gmail.com> <489C140C.60205@e164.org> <e90946380808080252r35e88807v15e904d10c73cb76@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <e90946380808080252r35e88807v15e904d10c73cb76@mail.gmail.com>
X-Origin-AS: AS5430
X-NCC-nic-hdl: ZAP-RIPE
User-Agent: Mutt/1.5.18 (2008-05-17)
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-ID: <namedroppers.ops.ietf.org>

On Fri, Aug 08, 2008 at 11:52:08AM +0200, Ond??ej Surý wrote:
> > What was, is meaningless to those that don't know or care, what is, is
> > all that matters if you are trying to sell DNSSEC to the unwashed masses
> > that aren't drinking the koolaid.
> 
> Well, we don't need to sell it to masses.  We just need to educated registrars,
> ISPs and big zone hosters, where people with (at least some) clue works.
> And that's something what we are working on.

If you don't deploy it to a hundred percent it simply won't be 'the solution'
to the spoofing and man-in-the-middle problem as some people here like to
think. Saturation is important to the success of a protocol, think of blueray
vs. hd-dvd so you need not only to address the forbes500 but also
www.mylittlewebsitethatsellsstuff.cctld, that kind of thing is often run by
small companys that lack the clue you want people to have.

	Stefan
-- 
There is hopeful symbolism in the fact that flags don't wave in a vacuum.
- Arthur C. Clark 

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

v2.23.0 | Report a Bug | By Email