On Sat, 26 Jul 2008, Alan Clegg wrote:

> Date: Sat, 26 Jul 2008 11:41:10 -0400
> From: Alan Clegg <[EMAIL PROTECTED]>
> To: Ben Croswell <[EMAIL PROTECTED]>, DNS BIND <[email protected]>
> Subject: Re: The worst thing about the exploit -- Have you done your part?
> 
> Ben Croswell wrote:
>> I also see a lot of people calling for DNSSEC to fix the underlying
>> issue, but unless I am mistaken DNSSEC won't fix the issue unless we
>> have close to 100% adoption rate.
>
> I'm using DLV to do DNSSEC validation right now, as are all the queries
> of my upstream ISP.
>
> I have a bunch of domains that you can validate using DNSSEC including
> 'clegg.com'.
>
> See another presentation of mine here:  http://alan.clegg.com/dnssec for
> information on deploying DNSSEC in your environment TODAY!
>
> Yes, there needs to be more infrastructure work done to get it deployed
> globally, but why not begin the deployment at the (grass) roots?

I got to ask the painfully obvious question...  Why hasn't DNSSEC started
at the top?  Why aren't the root servers supporting it?  Why isn't .com,
.org, .edu rolling this out?  The .com domain has the most to lose by not
having DNSSEC, since every bank and entity-to-steal-from on the planet lives
in this domain.  Not that I'm opposed to the grassroots, it just seems
backwards.

Jeff Earickson
Colby College
