Ted - I agree 100% that there are risks for loss of reputation, recovery
from customer losses due to fraud, etc. Perhaps those assets are as
tangible as direct theft of cash...

- Ralph

On 12/7/06 5:43 PM, "Ted Lemon" wrote:

> Ralph Droms wrote:
>> The immediate RoI isn't directly like locking your door, because you don't
>> have the risk of anything being stolen *directly* from you if you don't
>> apply DNSSEC to your zones. It's more indirect - somebody else trying to
>> access your website won't be robbed through a phishing attack if you put a
>> lock on your door.

> It depends on how much your reputation is worth. I was having dinner
> with a guy the other day whose site had been hacked using a SQL
> injection attack which resulted in customers' information being acquired
> and misused. He certainly didn't think that this was his customer's
> problem - indeed, his e-commerce site has been offline for three months
> now because they're so worried about the possibility of compromising
> their customer info again. DNSSEC doesn't solve this problem at all,
> but the point is that companies who don't have a monopoly, which is most
> companies, really do care whether their customers' transactions are safe.

to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.