11 Jun
2021
11 Jun
'21
1:07 p.m.
John Levine <johnl@iecc.com> writes:
I have signed all 300 zones on my DNS servers, but only about half of them have working DNSSEC because there is no practical way to install the DS records.
Sounds like ICANN, having told us for a very long time that they want DNSSEC everywhere, should attempt to get a requirement in place that registrars have to make it reasonably easy for customers to get those DS records installed. Certificate authorities are now required to honor CAA records, which need DNSSEC in place to really make sense, so it would, IMHO, be natural to follow up like this. -tih -- Most people who graduate with CS degrees don't understand the significance of Lisp. Lisp is the most important idea in computer science. --Alan Kay