> On 1 Dec 2021, at 2:37 pm, Jim Reid <j...@rfc1035.com> wrote: > >> Wouldn't that create a vicious circle in which the only way to start >> operating DNSSEC is already to have operated DNSSEC? > > I think we’ve been in that vicious circle (or downward spiral) for several > years now.
The graph at: https://stats.dnssec-tools.org/images/totalds.svg does not look like a downward spiral to me. But I also don't agree with Paul that one needs to be an expert to play the game. Tools are improving, and spinning up working DNSSEC with Knot, BIND 9.16+, ... is increasingly easier. Where things get more complex is in API integration with cloud providers, bugs in the provider implementation that's recent and not fully baked, ... These too will likely improved, but there will occasionally be issues when some new managed service is introduced and users struggle to consume it, and have complex unanticipated requirements. -- Viktor. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop