> [mailtowner-namedroppers@ops.ietf.org] On Behalf Of Shane Kerr

> Isn't this always the case with security though? What is the=20
> direct, immediate RoI for putting a lock on your door?


Rarely from securing an existing infrastructure.

Don't expect the existing uses of DNS to drive deployment of the DNSSEC =
infrastructure. It can only serve those needs after the infrastructure =
is almost complete.

Deployment of DNSSEC will be driven by the deployment of domain centric =
security infrastructure such as DKIM and policy based network =
administrating to address the emerging challenge of deperimeterization.

There is a solid business case there but don't expect early adopters to =
be the ones who are already satisfied.=20

> I think the reason things like DNS and routing security don't=20
> get much traction is because there is much lower hanging=20
> fruit for attackers. If the end points of the Internet=20
> weren't so insecure, then things would be different.


The business case for routing security will be driven by regulation.

> If DNSSEC stabilizes after NSEC3, then DNSSEC could slowly=20
> become part of the BCP for network operators. The blocking=20
> factor here is the TLD (and the root), which has little or=20
> nothing to do with RoI.


Stability is not a necessary condition for deployment. Meeting the =
criterial considered essential by the key infrastructure providers is.


--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: