Ted Lemon wrote:
On Aug 19, 2008, at 9:09 AM, David Ulevitch wrote:
I've yet to be shown how DNSSEC is any of those things. D-H key
exchanges, DTLS, DNS PING, all sound far more appealing.
The answer to that question has to take into account what benefit
accrues to you from preventing DNSSEC from being deployed. And that is
why David asked the question he asked. What benefit accrues to you
from stopping the deployment of DNSSEC?
First -- this is the most rational email on this thread. Thanks.
Second -- My goal is not to derail DNSSEC. It does that on its own. My
goal is to make sure people don't buy into the kool-aid being poured
that DNSSEC is the only solution. It isn't.
It's really silly for us to be debating whether or not we personally
want to use DNSSEC. If you don't want to use it, don't use it. But I
*do* want to use it. And in order for me to use it, the root zone and
the TLDs have to start using it. So the question is, is that bad for
you for some reason?
Sort of. It means I have to start another company that will charge
slightly less egregious fees than the rest of you plan on doing to do
DNSSEC management for companies the same way Thawte and Verisign did for
SSL certs.
And my plate is pretty full at the moment.
-David
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
