[dns-operations] Saga of HBONow DNSSEC Failure

[Livingood, Jason]

On 3/10/15, 12:11 PM, "Edward Lewis" <edward.lewis at icann.org> wrote:

>I (as well as others) knew this day would come -
>when an ISP would get the brunt of someone's DNSSEC misfire.  (Others
>include many who worked on the original design and deployment workshops.)

It won¹t be the last time! ;-)

>The only way I can make this up to you is to better my efforts at making
>DNSSEC an easier to run, less clumsy protocol.

Works for me! That¹d be awesome. :-) DNSSEC needs to be super easy to use
as an authoritative operator, running on auto-pilot after initial setup.
The simpler & more automated operations are, the less fragile the signing
infrastructure will be (and the whole thing end to end of course).

- Jason