At 17:35 01/07/2008, John Levine wrote:
The author of a draft proposal on signed and encrypted DNS has submitted it to the IETF; a link was posted to a Toronto Asterisk (open source VOIP/telephony) mailing list.
It's sort of interesting, but it's a decade too late to derail the DNSSEC train.
Why derail it? The Internet should not be seen as a monolith carved for eternity. This should be worked on, tested, compared and a possible transition or parallel usage documentation be provided. This is the way the IETF and the Internet community have always proceeded. DNSSEC is like DNS, IPv6 and IDNA: who knows where they will be ten years from now? Maybe everywhere, maybe forgotten. Please remember the only architectural principle of the Internet technology (RFC 1958): everything but that principle can change.

Cheers.
jfc