Joe Baptista wrote: > ORG and GOV and quite a lot of the ccTLD's are "DNSSEC compatible", so I > don't actually think it'd be much of a horserace if compatibility is all > you're looking for. > > > I agree they are both DNSSEC compatible but .GOV has only deployed > DNSSEC in 20% of it's zones. I'm not sure what the percentage is in .ORG > - 5% ? less ? is it even 1% of the zones? The make work project continues.
Right now, as far as I am concerned, the main obstacle to more widespread adoption on DNSSEC is the lack of procedure to establish trust between your zone and the TLD. Even if my zone is signed, and it's in .org which is signed too, I have no (googlable) way to get my DS included into the TLD zone. Of course dlv.isc.org exsits, but I think it's publicly perceived as a testbed rather than a production anchor. I'd be happy to be wrong. (And, don't tell me to switch back to Verisign registrar.) Eugene
signature.asc
Description: OpenPGP digital signature
_______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
