Maxim Kammerer wrote: > Also, how widespread is client DNSSEC support? E.g., I enabled > DNSSEC for my domain, but not sure yet whether DNS resolution > anywhere will fail in case DNS responses are spoofed.
There is a gap between applications asking resolvers to do lookups and resolvers which can do authenticated lookups, which still needs to be bridged. That gap bubbles up into a user interface problem, which is a domain that all DNSSEC efforts have completely overlooked. It will take some more time before applications settle on some UI for communicating DNSSEC things to users, and on top of that the users will need to understand what is actually going on. //Peter
