[90751] in North American Network Operators' Group
Re: wrt joao damas' DLV talk on wednesday
daemon@ATHENA.MIT.EDU (Rick Wesson)
Tue Jun 13 17:08:36 2006
Date: Tue, 13 Jun 2006 14:10:21 -0700
From: Rick Wesson <wessorh@ar.com>
To: Paul Vixie <vixie@vix.com>
Cc: nanog@merit.edu
In-Reply-To: <g3r71sakp1.fsf@sa.vix.com>
Errors-To: owner-nanog@merit.edu
... and alice has been working on deploying the .org DNSSEC testbed for
6 months now. Thus far my experence with deploying DNSSEC is: its just
hard, not fun and for a lack of a better word... it SUCKS.
In the last 6months since we deployed it, not one sole has clicked on
the [now broken] _SECURE DOMAIN_ link to enable .ORG dnssec capabilities.
I know we are a tiny registrar but none of our clients thought it
important enough to even try clicking on the _SECURE DOMAIN_ link. So,
even DLV is going to take a tremendous marketing effort to get folks to
differentiate it from LOCK_DOMAIN which merely prevents the domain from
being updated or transfered.
DLV is a huge task so be supportive because it will probably fail just
like DNSSEC is ...but we might just learn something.
-rick
Paul Vixie wrote:
>>> can you say "does not scale?"
>> Indeed.
>
> this is why we're trying to sign up some registrars, starting with alice's,
> who can send us blocks of keys based on their pre-existing trust
> relationships.
