[dns-operations] .FI going insecure for two weeks (!)
Philip Homburg
philip at nlnetlabs.nl
Wed Dec 18 06:58:33 UTC 2024
On 17/12/2024 23:51, cstamas+dns at cstamas.hu wrote:
>
> My understanding is that they are using a signer that does not make algorithm rollovers easy. They are going for what seems to be less risky for them.
>
To put it more strongly, what I got through the grapevine is that the
issue is one risk assessment. There is a risk that something will go
wrong and that .fi will become bogus. On the other hand, there is
essentially no DNSSEC use by bigger sites in .fi.
There are about 7000 sites in .fi that do DANE, but it seems that those
are not important enough to warrant keeping .fi signed.
More information about the dns-operations
mailing list