upvote

points

by sgc12 hours ago |
comments
upvoteby tptacek12 hours ago|
[-]
Germany appears to depend on it. Virtually none of North America does. I'm pretty satisfied with how this whole thing shook out!
reply
upvoteby cyberax11 hours ago|
parent|
[-]
You're wrong. Both .com and .net are signed (`dig RRSIG com.`), and if they screw up, then all the com/net zones will become inaccessible.
reply
upvoteby tptacek10 hours ago|
parent|
next
[-]
Virtually no zones under .com/.net are signed, which was the only point I was making. It has no adoption here.
reply
upvoteby profmonocle5 hours ago|
parent|
next
[-]
Even if example.com is unsigned, the delegation from .com to example.com will still be signed (including an attestation that example.com is unsigned). So lack of DNSSEC adoption by users of the TLD wouldn't save them here.
reply
upvoteby cyberax9 hours ago|
parent|
prev|
[-]
Sure. But that was not the issue with .de, it has about the same level of DNSSEC adoption as .com

DENIC screwed up the TLD itself, and .com/.net are just as susceptible.

reply
upvoteby theMMaI7 hours ago|
parent|
prev|
[-]
Sssshh, don't give Verisign any bad ideas!
reply