>Can you be more specific about the concerns of the providers you >surveyed? Are they planning to move forward with DNSSEC?
They're planning to do DNSSEC. Giant zones of hashed names that don't have local-part semantics, not so much. At least one of them said it'd make more sense to do it with webfinger. >I would conjecture that at the scale of the USA, large scale changes >tend to be viewed as "turning the Titanic" challenges, and that >the providers are often loathe to tackle DNSSEC adoption. You would be mistaken. To point out the obvious, the operator of the largest mail system also runs the 8.8.8.8 public DNS resolver, and it does DNSSEC just fine. They are also the registry for a bunch of new TLDs which are required by contract to support DNSSEC from day 1. R's, John _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
