[107151] in North American Network Operators' Group
Re: US government mandates? use of DNSSEC by federal agencies
daemon@ATHENA.MIT.EDU (Michael Thomas)
Wed Aug 27 12:22:51 2008
Date: Wed, 27 Aug 2008 09:22:40 -0700
From: Michael Thomas <mike@mtcc.com>
To: Kevin Oberman <oberman@es.net>
In-Reply-To: <20080826230331.D74464500F@ptavv.es.net>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
Kevin Oberman wrote:
>> Date: Tue, 26 Aug 2008 16:53:24 -0400
>> From: "Bill Bogstad" <bogstad@pobox.com>
>>
>> Not sure what this will actually mean in the long run, but it's at
>> least worth noting.
>>
>> http://www.gcn.com/online/vol1_no1/46987-1.html
>> http://www.whitehouse.gov/omb/memoranda/fy2008/m08-23.pdf
>
> It will mean something in the medium term as '.gov' and '.org' will be
> signed very soon and OMB might be able to even get the root
> signed. (Since OMB can pull funding, no one argues with them much.)
> All of this will increase pressure on Verisign to deal with '.com' and
> '.net'.
>
> Note that this only has an impact on '.gov' and the zones immediately
> below it, but I suspect most sub-domains of *.gov will be signed as a
> result of this, even if it is not required.
So the question I have is... will operators (ISP, etc) turn on DNSsec
checking? Or a more basic question of whether you even _could_ turn on
checking if you were so inclined?
Mike
