[dns-operations] DNSSEC DANE testing

Vernon Schryver vjs at rhyolite.com
Tue Jul 31 20:40:17 UTC 2012

> It's being worked on by people. For instance, it was important to
> get a libunbound version that used nss and not openssl, for various

I think it's more important for everyone who professes to care sign
their domain names, even if that means using ISC's trust anchor
until a TLD is signed.  See https://encrypted.google.com/search?q=isc+dlv

That one's registrar refuses DNSSEC is not a good excuse unless one wants
to be part of the conspiracy to protect the profits of pkix vendors.
("Conspiracy" is the wrong word, because I think NSI's opposition
to DNSSEC is not based on pkix margins that are not really threatened
by DANE or even really intentional, but merely a reflection of the
corporate culture seen since NSI took over from SRI.)

The counts on
are looking good, but there is a long way to go.

Vernon Schryver    vjs at rhyolite.com

More information about the dns-operations mailing list