<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 16px; font-family: Calibri, sans-serif;">
<div>So earlier today HBO announced a new HBONow streaming service (at an Apple event). The FQDN to order, which should have been DNSSEC-enabled, was order.hbonow.com. This unfortunately suffered from a rather inconveniently timed DNSSEC problem (<a href="http://dnsviz.net/d/order.hbonow.com/VP5DKQ/dnssec/">http://dnsviz.net/d/order.hbonow.com/VP5DKQ/dnssec/</a>).
:-( Of course, these being hot Net Neutrality days in the U.S., we at Comcast were quickly blamed for blocking access to ordering this new service (despite failures at Google and other validators). </div>
<div><br>
</div>
<div>Had this persisted much longer, we might have considered a <i>negative trust anchor</i> of course, assuming we had direct contact with HBO on the matter (established after they fixed the issue & we flushed the cache). A good example of the sentiment was
the tweet “Wow. I have Comcast and can't reach http://hbonow.com unless I use a different network. #NetNeutrality ”. People tweeted to the FCC to alert them as well.</div>
<div><br>
</div>
<div>But two other I-Ds I wrote up did come in handy in some of my replies on social media: </div>
<div><a href="http://tools.ietf.org/html/draft-livingood-dnsop-auth-dnssec-mistakes-00">http://tools.ietf.org/html/draft-livingood-dnsop-auth-dnssec-mistakes-00</a></div>
<div>and </div>
<div><a href="http://tools.ietf.org/html/draft-livingood-dnsop-dont-switch-resolvers-00">http://tools.ietf.org/html/draft-livingood-dnsop-dont-switch-resolvers-00</a></div>
<div><br>
</div>
<div>Which leads me simply to say that if there’s any interest in progressing these I-Ds in any way, let me know. Of course you may not find them useful until people yell at you for other people’s DNS errors. ;-) </div>
<div><br>
</div>
<div>- Jason</div>
<div><br>
</div>
</body>
</html>