Moin!
On Aug 13, 2008, at 18:50 , Ted Lemon wrote:
On Aug 13, 2008, at 4:04 AM, Masataka Ohta wrote:
Maybe, Ted could provide some virtual-world data realistic enough to
deny the real-world statistical data such as:
djb> Last week's surveys by the DNSSEC developers ("SecSpider")
have found a
djb> grand total of 99 signed dot-com names out of the 70 million
dot-com
djb> names on the Internet
As others pointed out if you would look somewhere else (e.g .se, .br,
in-addr.arpa) the statistics may be different. And not in any
statistics is the usage of DNSSEC in private networks, which IMHO is
bigger than the public usage so far (hopefully this will change ;-).
Ohta-san, you made the claim that managing DNSSEC is so much more
work than maintaining regular DNSSEC that the cost of doing so
outweighed the benefit of doing so - the added security. You
provided no statistics to back up that claim, and that claim is
contrary to my own personal experience with setting up DNSSEC.
Hmm, assuming that we both did use the same name server software my
experiences are different. Compared to regular DNS setting up and more
importantly maintaining DNSSEC is much more work than normal DNS stuff
(zone resigning, key rollover) . I am not saying that the cost
generally outweighs the benefit, but with the current tools it is
hard to justify DNSSEC usage, at least for the majority of ISPs out
there. But I do hope that the tools get better and thus the cost of
deploying DNSSEC decreases and we will all happily use it and can
justify it's usage.
So long
-Ralf
---
Ralf Weber
Platform Infrastructure Manager
Colt Telecom GmbH
Herriotstrasse 4
60528 Frankfurt
Germany
DDI: +49 (0)69 56606 2780 Internal OneDial: 8 491 2780
Fax: +49 (0)69 56606 6280
Email: [EMAIL PROTECTED]
http://www.colt.net/
Data | Voice | Managed Services
*****************************************
COLT Telecom GmbH, Herriotstraße 4, 60528 Frankfurt/Main, Deutschland *
Tel +49 (0)69 56606 0 * Fax +49 (0)69 56606 2222 *
Geschäftsführer: Albertus Marinus Oosterom (Vors.), Rita Thies *
Amtsgericht Frankfurt/Main HRB 53898 * USt.-IdNr. DE 220 772 475
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
