Have you got any specific examples? On 26/05/2016, 10:50, "NCSG-Discuss on behalf of Niels ten Oever" <[log in to unmask] on behalf of [log in to unmask]> wrote: >Hi all, > >I have been talking to several registrars (especially smaller ones that >provide a lot of support to NGOs), that do not provide DNSSEC yet as >part of their service. > >The story that I keep on hearing is that even the most experienced >engineers have issues with understanding the configuration of the KSK >and Zone signing keys and the key rollover, inconsistencies in >documentation and therefore lack of adoption, because in case of a >mistake this might seriously impact the production environment. > >I think the adoption of DNSSEC is an issue we should care about because >it has the potential to radically increase trust in the DNS system. > >Is this an issue you all recognize, and do you know how / if ICANN makes >(or can make) this easier? > >Best, > >Niels > > >-- >Niels ten Oever >Head of Digital > >Article 19 >www.article19.org > >PGP fingerprint 8D9F C567 BEE4 A431 56C4 > 678B 08B5 A0F2 636D 68E9 >