NCSG-DISCUSS Archives

NCSG-Discuss

NCSG-DISCUSS@LISTSERV.SYR.EDU

Date: Fri, 27 May 2016 15:56:29 -0400
All,


On Fri, May 27, 2016 at 7:46 AM, Niels ten Oever
<[log in to unmask]> wrote:
> Hi Rafik,
>
> The DNSSEC for Everybody is great and fun, but it's more a very rough
> 101. The DNSSEC workshop is also great, but it doesn't help you when you
> are behind a production terminal. Good documentation is needed.


There is plenty of good documentation, in BIND KB, for UNBOUND, for
Windows DNS, on dnssec-deploy site, deploy360 and many, many others.


> Or we
> need to find out better why adoption levels are so low.


This is a more productive path for NCSG to follow.

Adoption levels are low because it is hard.

There is little to no payoff AND it costs (some) money and involves real risks.

The benefits accrue mostly to others.

ICANN/ISOC/RIRs and other I*s have been trying to get people to "take
their medicine" for years.

There is zero reason for NCSG to re-invent this particular wheel.



>
> Is this something we can bring up?
>
> I think this is especially an issue for the NCSG because NGOs,
> activists and individual users will greatly benefit from increased
> trust, and more protection against DNS poisoning. With the enormous
> success of Let's Encrypt (1 million certs distributed, covering >2.5
> million domains) DNSSEC is the next logical step, and adoption is still
> _very_ low.


DANE is the next logical step post DNSSEC.  Let's Encrypt is cool tho.


-- 
Cheers,

McTim
"A name indicates what we seek. An address indicates where it is. A
route indicates how we get there."  Jon Postel
