[dns-operations] [Ext] DNSSEC deployment incentives

Edward Lewis edward.lewis at icann.org
Tue Jun 18 13:00:58 UTC 2019


On 6/17/19, 23:47, "dns-operations on behalf of Jim Reid" <dns-operations-bounces at dns-oarc.net on behalf of jim at rfc1035.com> wrote:

(For context):
>>On 17 Jun 2019, at 22:41, Mukund Sivaraman <muks at mukund.org> wrote:
>> 
>> What is the factor that stops them [Fortune 500] from signing their domains?
    
>Simple. There’s no compelling business justification or use case

DNSSEC isn't the first safety feature that took a long time to deploy.  (I don't believe the Internet started this fire.)

My favorite precedent is the seat belt, as used in automobiles.
1) Have you ever chosen a car because of the seat belt in it?
2) Have you ever been annoyed by a seat belt?
3) Have you ever had trouble engaging a seat belt? (Cab seat cover over it.)
4) Have you ever been hindered by not being able to release a seat belt?

Seat belts can save your life in the rare accident.  Generally, they are an afterthought, but sometimes can be a nuisance.  Much like DNSSEC.

>From Wikipedia (because it's easier to copy-n-paste than do my own literature search):

"Seat belts were invented by English engineer George Cayley in the mid-19th century,[4]"

"American car manufacturers Nash (in 1949) and Ford (in 1955) offered seat belts as options, while Swedish Saab first introduced seat belts as standard in 1958."

"Subsequently, in 1966, [United States] Congress passed the National Traffic and Motor Vehicle Safety Act requiring all automobiles to comply with certain safety standards."

"The world's first seat belt law was put in place in 1970, in the state of Victoria, Australia, making the wearing of a seat belt compulsory for drivers and front-seat passengers."

Note the regulation/law aspects, and the time taken to see them deployed.

I don't suspect that there will ever be a business case for DNSSEC (based on observations above, and long-ago attempts to make them before we knew better).





More information about the dns-operations mailing list