[dns-operations] DNSSEC DANE testing

Ondřej Surý ondrej.sury at nic.cz
Fri Aug 3 00:41:55 UTC 2012

On 30. 7. 2012, at 19:01, Vernon Schryver <vjs at rhyolite.com> wrote:
> I'll look more closely at your list and eventually pick one to do a
> not quite, before-pre-smoke test of my RRs on a Linux test box.
> It looks as if I'll be ahead of pack as long as I do that in the next
> 3 or 4 years.
> I'm very disappointed.  It seems that despite years of talk, DANE is
> not ready for discussion in the trade press blogs, not to mention prime
> time.  Given the lack of readiness or antipathy of registrars for basic
> DNSSEC, I probably shouldn't be surprised.
> DNSSEC and DANE are beginning to seem less substantial than the vaporware
> from the ISO OSI protocol gurus 25 years ago.

Yeah, that's the attitude.  The protocol document hasn't been published
yet (but will be out hopefully soon), and was fully baked (aka IETF LC
finish) like 1-2 month ago and you would ALREADY expect to have a fully
working implementations?

You set yourself unrealistic expectations and you torpedo the whole
thing without even trying to speak to involved people.

The implementations will come after the protocol is done and the truth
is that somebody will have to invest in that, they will not magically
appear out of the thin air.

 Ondřej Surý -- Chief Science Officer
 CZ.NIC, z.s.p.o.    --    Laboratoře CZ.NIC
 Americka 23, 120 00 Praha 2, Czech Republic
 mailto:ondrej.sury at nic.cz    http://nic.cz/
 tel:+420.222745110       fax:+420.222745112

More information about the dns-operations mailing list