> It's being worked on by people. For instance, it was important to > get a libunbound version that used nss and not openssl, for various
I think it's more important for everyone who professes to care sign their domain names, even if that means using ISC's trust anchor until a TLD is signed. See https://encrypted.google.com/search?q=isc+dlv https://dlv.isc.org/ That one's registrar refuses DNSSEC is not a good excuse unless one wants to be part of the conspiracy to protect the profits of pkix vendors. ("Conspiracy" is the wrong word, because I think NSI's opposition to DNSSEC is not based on pkix margins that are not really threatened by DANE or even really intentional, but merely a reflection of the corporate culture seen since NSI took over from SRI.) The counts on http://scoreboard.verisignlabs.com/ http://scoreboard.verisignlabs.com/count-trace.png http://scoreboard.verisignlabs.com/percent-trace.png are looking good, but there is a long way to go. Vernon Schryver [email protected] _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
