[dns-operations] Saga of HBONow DNSSEC Failure
Jason_Livingood at cable.comcast.com
Tue Mar 10 18:30:03 UTC 2015
On 3/10/15, 12:11 PM, "Edward Lewis" <edward.lewis at icann.org> wrote:
>I (as well as others) knew this day would come -
>when an ISP would get the brunt of someone's DNSSEC misfire. (Others
>include many who worked on the original design and deployment workshops.)
It won¹t be the last time! ;-)
>The only way I can make this up to you is to better my efforts at making
>DNSSEC an easier to run, less clumsy protocol.
Works for me! That¹d be awesome. :-) DNSSEC needs to be super easy to use
as an authoritative operator, running on auto-pilot after initial setup.
The simpler & more automated operations are, the less fragile the signing
infrastructure will be (and the whole thing end to end of course).
More information about the dns-operations