> From: Jim Reid <j...@rfc1035.com> > So where are the incentives for resolver operators? If they switch > on DNSSEC validation and get extra calls to customer support as a > result, who pays?
Why not the same people as before? Who besides farmers and squatters (who don't care about DNSSEC) would object to paying 3 times as much for DNSSEC? That wouldn't leave us below the $50/year/domain #$%$#@! of the outfit that took over from SRI. Why would there be extra support calls? Wrong keys are no worse than wrong delegations or host records and only a little harder to see because they are long strings of varying cybercrud. > It's all well and good that registries offer bribes^Wincentives > to their sales channel, but the demand side (ie validation) needs > incentives too and their needs are very different from someone who > sells domain names and DNSSEC signing services. I don't understand. Why would registrars get support calls about validation problems? Do they get calls now (that they answer) from DNS resolver operators (other than big resolvers like Comcast) for lame delegations? With default validation on by default in DNS servers (in BIND and I assume others) and validation by big ISPs and third party resolvers, what changes still need incentives? Everyone considering writing about the high costs and great difficulties of DNSSEC should try DNSSEC before writing. Starting before BIND auto-signing, I found everything except dealing with a recalcitrant, functionally stupid registrar no worse than dealing with certs for HTTP and SMTP, like the cert that headers on Jim Reid's message suggest he maintains. With both DNSSEC and PKI/OpenSSL, I had to overcome things I knew that were false, but that's life. It's entertaining with the right attitude. And trust me, I won't be making DNSSEC support calls to my registrar. Vernon Schryver v...@rhyolite.com _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
