... and alice has been working on deploying the .org DNSSEC testbed for
6 months now. Thus far my experence with deploying DNSSEC is: its just
hard, not fun and for a lack of a better word... it SUCKS.
In the last 6months since we deployed it, not one sole has clicked on
the [now broken] _SECURE DOMAIN_ link to enable .ORG dnssec capabilities.
I know we are a tiny registrar but none of our clients thought it
important enough to even try clicking on the _SECURE DOMAIN_ link. So,
even DLV is going to take a tremendous marketing effort to get folks to
differentiate it from LOCK_DOMAIN which merely prevents the domain from
being updated or transfered.
DLV is a huge task so be supportive because it will probably fail just
like DNSSEC is ...but we might just learn something.
Paul Vixie wrote:
can you say "does not scale?"
this is why we're trying to sign up some registrars, starting with alice's,
who can send us blocks of keys based on their pre-existing trust