Ted Lemon wrote:
> Ohta-san, you made the claim that managing DNSSEC is so much more work
> than maintaining regular DNSSEC that the cost of doing so outweighed
> the benefit of doing so - the added security. You provided no
> statistics to back up that claim,
I presented the real-world statistical data to support my claim
that DNSSEC requires to much work. That is, it is hardly deployed
because it requires to much work.
In addition, I have talked with several real-world security experts,
unrelated to DNSSEC, on PKI deployment and confirmed that they don't
deploy DNSSEC because, in practice, PKI is not socially very secure.
PKI is deployed by governments and some large organizations such as
credit card companies, which has not enough intelligence (compared to
enough budget to waste) to evaluate real benefit of PKI. But, that's
all.
> and that claim is contrary to my own
> personal experience with setting up DNSSEC.
Does your personal experience have any statistical significance?
> Rather, what it
> says is that .COM is not signed.
To be statistical, which you requested, how many TLDs among many are
signed?
Masataka Ohta
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
