The problem I see with DNSSEC as a potential end user and administrator.

Duane <duane@e164.org> Fri, 08 August 2008 06:02 UTC

Message-ID: <489BE047.1010100@e164.org>
Date: Fri, 08 Aug 2008 15:57:27 +1000
From: Duane <duane@e164.org>
To: Namedroppers <namedroppers@ops.ietf.org>, Mark Andrews <Mark_Andrews@isc.org>, Paul Vixie <paul@vix.com>, bert hubert <bert.hubert@netherlabs.nl>
Subject: The problem I see with DNSSEC as a potential end user and administrator.

I just spoke to Mark on the phone, I'm sure he'll have some interesting
remarks about that in private, but to sum things up the conclusion I was
trying (poorly) to get across to Mark was this.

The higher the perceived cost, and the lower the perceived benefit will
make people complacent about deploying DNSSEC.

If the PDF link Bert posted is anything to go by there is a long way to
go before it's simple enough for people not to care about doing 1 or 2
things extra to implement DNSSEC.

However while ever the process is so long and drawn out, regardless of
how much worse it was in the past, people won't be bothered with it
until or unless they are personally affected in some respect.

You can't overcome complacency by saying the process is simpler now
than it used to be and how easy it is to set up, it doesn't wash with me
or anyone else like me. We all live busy lives and all have better
things to do than care about if the zone is signed or not at present
because of a lack of tangible benefit.

Furthermore, when anything gets more complicated I worry about how much
additional maintenance work it will take putting out fires in the future
when something breaks. Something always breaks so it isn't a matter of
if but when.

To sum things up, I don't care how easy the people promoting DNSSEC is,
it is still much too drawn out and I have better things to do with my
time than doing a bunch of mundane and repetitive things which computers
are so much better at.

Make the setup so easy a caveman could do it, or even better, fully
automate it; then, when there is no perceived additional cost, people will
start adopting it.

-- 

Best regards,
 Duane
