Have you got any specific examples?




On 26/05/2016, 10:50, "NCSG-Discuss on behalf of Niels ten Oever" <[log in to unmask] on behalf of [log in to unmask]> wrote:

>Hi all,
>
>I have been talking to several registrars (especially smaller ones that
>provide a lot of support to NGOs), that do not provide DNSSEC yet as
>part of their service.
>
>The story that I keep on hearing is that even the most experienced
>engineers have issues with understanding the configuration of the KSK
>and Zone signing keys and the key rollover, inconsistencies in
>documentation and therefore lack of adoption, because in case of a
>mistake this might seriously impact the production environment.
>
>I think the adoption of DNSSEC is an issue we should care about because
>it has the potential to radically increase trust in the DNS system.
>
>Is this an issue you all recognize, and do you know how / if ICANN makes
>(or can make) this easier?
>
>Best,
>
>Niels
>
>
>-- 
>Niels ten Oever
>Head of Digital
>
>Article 19
>www.article19.org
>
>PGP fingerprint    8D9F C567 BEE4 A431 56C4
>                   678B 08B5 A0F2 636D 68E9
>