The abysmal adoption of DNSSEC is just embarrassing, and I haven’t heard any good arguments for why we shouldn’t do it. There’s one blog post that gets passed around as justification for not adopting DNSSEC, but it doesn’t really go into any technical detail and is mostly just the author saying “I’m scared of governments and TLDs”… which is maybe fair, but you still have to trust them for regular CA certs and everything, so why not make thr base secure?
Honestly, I might care slightly more about DNSSEC than IPv6 adoption… IPv4 exhaustion and NATing everywhere sucks, but the fact that you can’t trust DNS is like… insane.
The abysmal adoption of DNSSEC is just embarrassing, and I haven’t heard any good arguments for why we shouldn’t do it. There’s one blog post that gets passed around as justification for not adopting DNSSEC, but it doesn’t really go into any technical detail and is mostly just the author saying “I’m scared of governments and TLDs”… which is maybe fair, but you still have to trust them for regular CA certs and everything, so why not make thr base secure?
Honestly, I might care slightly more about DNSSEC than IPv6 adoption… IPv4 exhaustion and NATing everywhere sucks, but the fact that you can’t trust DNS is like… insane.