[dns-operations] DNSSEC deployment incentives

Jim Reid jim at rfc1035.com
Tue Jun 18 08:55:49 UTC 2019

> On 18 Jun 2019, at 01:17, Viktor Dukhovni <ietf-dane at dukhovni.org> wrote:
> On Mon, Jun 17, 2019 at 11:42:15PM +0100, Jim Reid wrote:
>>> What is the factor that stops them [Fortune 500] from signing their domains?
>> Simple. There’s no compelling business justification or use case. If these
>> existed, those zones would be signed. QED.
> Times change.  The same could be said about IPv6

Not really. The exhaustion of IPv4 addresses mean there are clear business justifications and use cases for IPv6 adoption. That can’t be said for DNSSEC. There may well be parallels in why uptake of these two technologies has stalled. However IPv6 is on much firmer foundations than DNSSEC is. The soundbite case for IPv6 is simple and easy to understand: 4 billion addresses isn’t enough for 7-8 billion people. What’s the equivalent for DNSSEC?

More information about the dns-operations mailing list