On 30.8.2018 01:24, David Conrad wrote:
Hi,
On Aug 29, 2018, at 3:36 PM, Rene 'Renne' Bartsch, B.Sc. Informatics via ksk-rollover <ksk-rollover@icann.org <mailto:ksk-rollover@icann.org>> wrote:
Rolling out DNSSEC is not a technical but a social problem. It's called fear and laziness. It seems the focus of the ICANN board is too technical to realize this.
In my experience, it is rare for someone to say the focus of ICANN’s board “too technical” :).
The indecisiveness of the ICANN board makes all involved parties insecure.
To clarify, the Board has not been not indecisive. They haven’t yet been asked to make a decision on rolling the KSK.
I suggest a marketing campaign to promote the benefits of the DNSSEC/DANE dyad for users who will then push service providers and hard-/software developers.
We (staff) would love to hear thoughts on benefits of DNSSEC/DANE (we
I would put https://tools.ietf.org/html/rfc7477 aka "Child-to-Parent Synchronization in DNS" on the list. DNSSEC is required to do this in a secure way but once we have it we can get rid of parent-child NS desynchronization problem. That would help a lot with DNS operations/debugging because parent-child desync can be lurking for months or even years before last NS is moved elsewhere and then whole domain breaks suddenly. -- Petr Špaček @ CZ.NIC