[dns-operations] Implementation of negative trust anchors?

Ralf Weber Ralf.Weber at nominum.com
Fri Aug 23 17:23:36 UTC 2013


On 23.08.2013, at 10:05, Daniel Kalchev <daniel at digsys.bg> wrote:
> Paul is correct. Everyone blames DNSSEC, because it is new.
It's not blaming. We are currently and over the past years have seen a lot of incidents where people made errors that resulted in DNSSEC validation failures.

> When you learn DNSSEC procedures and master them, you will discover it is not "easy" to screw up DNSSEC either.
I think that is the wrong approach for most people and widespread deployment. We need to create better tools that hide the complexity from the average user and make it easier and less error prone for people to deploy DNSSEC. I see a lot going on in that area and have hope that this will create more widespread deployment.

> Once upon a time people were afraid to fly. Today they happily line up at airport gates.
Yeah and here automation also helps a lot...

SO long
Ralf Weber
Senior Infrastructure Architect
Nominum Inc.
2000 Seaport Blvd. Suite 400 
Redwood City, California 94063
ralf.weber at nominum.com

More information about the dns-operations mailing list