On Aug 29 2018, Rene 'Renne' Bartsch, B.Sc. Informatics via ksk-rollover wrote:
I have promoted DNSSEC for years and always heard the same bad excuses:
DNS server admins: developers of hard- and software clients do not support DNSSEC Hard-/software developers: DNS servers do not support DNSSEC Users: configuration is a huge effort All: KSK rollover will fail leading to an internet blackout
Presuming that this last refers specifically to root zone KSK rollover, my impression is that it was not mentioned much by the "DNSSEC is bad" people until it became obvious that it was going to be more difficult than was originally envisaged. If it is indeed the case that it is now the most commonly raised objection to DNSSEC, this could be because the other ones mentioned above are looking increasingly flimsy. -- Chris Thompson Email: cet1@cam.ac.uk