Hi all,

I have been talking to several registrars (especially smaller ones that
provide a lot of support to NGOs), that do not provide DNSSEC yet as
part of their service.

The story that I keep on hearing is that even the most experienced
engineers have issues with understanding the configuration of the KSK
and Zone signing keys and the key rollover, inconsistencies in
documentation and therefore lack of adoption, because in case of a
mistake this might seriously impact the production environment.

I think the adoption of DNSSEC is an issue we should care about because
it has the potential to radically increase trust in the DNS system.

Is this an issue you all recognize, and do you know how / if ICANN makes
(or can make) this easier?

Best,

Niels


-- 
Niels ten Oever
Head of Digital

Article 19
www.article19.org

PGP fingerprint    8D9F C567 BEE4 A431 56C4
                   678B 08B5 A0F2 636D 68E9