The abysmal adoption of DNSSEC is just embarrassing, and I haven’t heard any good arguments for why we shouldn’t do it. There’s one blog post that gets passed around as justification for not adopting DNSSEC, but it doesn’t really go into any technical detail and is mostly just the author saying “I’m scared of governments and TLDs”… which is maybe fair, but you still have to trust them for regular CA certs and everything, so why not make thr base secure?
Honestly, I might care slightly more about DNSSEC than IPv6 adoption… IPv4 exhaustion and NATing everywhere sucks, but the fact that you can’t trust DNS is like… insane.
My prediction is that we’ll go DNSSEC globally when IPv6 gets mainstream adoption. It sucks how many just don’t care enough.
The abysmal adoption of DNSSEC is just embarrassing, and I haven’t heard any good arguments for why we shouldn’t do it. There’s one blog post that gets passed around as justification for not adopting DNSSEC, but it doesn’t really go into any technical detail and is mostly just the author saying “I’m scared of governments and TLDs”… which is maybe fair, but you still have to trust them for regular CA certs and everything, so why not make thr base secure?
Honestly, I might care slightly more about DNSSEC than IPv6 adoption… IPv4 exhaustion and NATing everywhere sucks, but the fact that you can’t trust DNS is like… insane.
At the current speed that would approximately be in 2087.
Whoa there, let’s not get ahead of ourselves.
After my death then. Alright, carry on.