[dns-operations] Hall of DNS Shame (?)

Matt Larson matt at kahlerlarson.org
Wed Jan 25 20:35:36 UTC 2017

>> On Jan 24, 2017, at 8:38 PM, Paul Vixie <vixie at tisf.net <mailto:vixie at tisf.net>> wrote:
>> On Tuesday, January 24, 2017 5:11:25 PM PST Jim Reid wrote:
>> > I suggest adding ISC to this hall of shame for implementing and deploying DLV. :-)
>> if you think the root or .com would ever have been signed without the threat of dlv, then can i interest you in this fine bridge, which while you can't take it home with you, can be yours for the low low price of a nickel.
>> no :-) here.
>> -- 
>> P. Vixie

> On Jan 25, 2017, at 6:56 AM, David Conrad <drc at virtualized.org <mailto:drc at virtualized.org>> wrote:
> Yes, it would have, at least for the root.
> In all the discussions I had with various folks about signing the root within ICANN, there was no mention of DLV that I can recall (and I was somewhat sensitive to the topic).
> What caused the root to be signed was the Kaminsky vulnerability.
> I obviously can't speak for .COM. 

I worked at Verisign for a very long time, including when .com was signed.  While I obviously can't speak for them now, either, I suspect that if you were to ask anyone who was there at the time, their answer would be that DLV was not at all a factor in the decision to sign .com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20170125/7bd81d9a/attachment.html>

More information about the dns-operations mailing list