--On 22 July 2008 04:59:48 +0000 Paul Vixie wrote:

> if there are no configuration knobs, no new error messages, no changes to
> DHCP or /etc/resolv.conf or rendezvous, and no dependencies on the U S
> Gov't to approve signing something before we can all start using the
> technology, then it will be extraordinarily easier to deploy than DNSSEC.
> it's just code and there are no forklifts.

How much of the perceived problem is lack of signing by USG in your
opinion? I think there are other options (along the lines of DLV) that
would allow faster deployment if this was substantially the longest
pole in the tent and would allow CNOBIN, ccTLDs etc. to sign their
zones if they were so minded. Clearly this would leave individual
users to sign their zones, but those being spoofed / phished would
have every incentive to get on with it.


to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.