LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

LWN.net Weekly Edition for February 2, 2012

A tempest in a toybox

LWN.net Weekly Edition for January 26, 2012

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

DNSSEC

DNSSEC

Posted Feb 2, 2010 20:12 UTC (Tue) by Thue (subscriber, #14277)
In reply to: DNSSEC by tialaramex
Parent article: China Internet Network Information Center accepted as a Mozilla root CA

RFC 5155 defining NSEC3 was published in March 2008. If DNSSEC was high priority, and NSEC3 was not that big of a change over base DNSSEC, then I don't see why it should take more than 6 months to implement at the root level. As I argued previously, once a basic software implementation is in place then it is just a question of load balancing. Other organizations have deployed DNSSEC, so software support exists.

Yes, it is important to take the time to get it right at the root DNS. But this is snails pace. I can't reasonably see that the supposed problems fit the time it is taking, if enough resources were allocated to this important project.

It is possible that we are just dealing with a large slow bureaucracy. But I still don't have to like it :). And it should be blindingly obvious that having Verisign near the center of the effort to implement DNSSEC is a potential conflict of interest. For example, Wikipedia says that Verisign ran the NSEC3 DNSSEC Pilot (http://en.wikipedia.org/wiki/NSEC3#Response_and_NSEC3).

(Log in to post comments)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds