I support adoption of this draft. I appreciate that it acknowledges that deployment has been lower than some advocates hoped, but I think the text following that is misplaced:
However, this low level of implementation does not affect whether DNSSEC is a best current practice; it just indicates that the value of deploying DNSSEC is often considered lower than the cost. I would suggest a different caveat, perhaps: Nonetheless, the majority deployment of DNSSEC within certain major registries [1], and near-universal deployment across Top-Level Domains [2], demonstrate that DNSSEC is suitable for implementation by both ordinary and highly sophisticated domain owners. [1] https://stats.sidnlabs.nl/en/dnssec.html [2] https://stats.research.icann.org/dns/tld_report/ On Fri, Mar 25, 2022 at 6:37 AM Paul Wouters <p...@nohats.ca> wrote: > On Mar 25, 2022, at 00:08, Tim Wicinski <tjw.i...@gmail.com> wrote: > > > > If you attended the most recent DNSOP session, you've heard Warren speak > about creating a BCP for DNSSEC, including all of the DNSSEC related RFCs, > in order to make life easier for implementers and DNS operators. > > Please do. As an author and reviewer, I have ran into issues and then > inconsistencies on how to normatively reference DNSSEC. > > Paul > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop >
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop