what i do not understand is why people think screaming to the choir will make any significant difference?
Think about it. Would you rather nobody make a big deal about it and have it go unpatched lots of places, and have nobody understand what a monumental train wreck this all is, or would it be better that people take some notice, and have resources like NANOG available to help them make the case about how this needs to be patched, and also just how much we all need DNSSEC? Sometimes the only thing you can do is scream at the choir, but if that can make even a small difference, why not? And Paul's absolutely correct, this is not something where we can afford to let that happen. You will be affected regardless, whether it is because your customers are relying on an answer provided by a nameserver somewhere else in the infrastructure that has been corrupted, or whatever. And patching does not appear to guarantee invulnerability (eek!) The Really Scary Possibilities (at least the one that really frightens me) Have Not Been Discussed On This List. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.