Re: DS and Opt-in - a proposal

[Jaap Akkerhuis <jaap@sidn.nl>]

Folks,

    though i am still personally a bit uncomfortable with opt-in for
    reasons related to this, the likely harm of unneeded uses seems low, and
    the verisign gang whine soooo pathetically :-).

What me personally disturbs about this discussion is that there is
so little technical or operational content in the whining. Apart
from the somewhat dogmatic statement ``my XX-million customers will
complain'', I have been told that ``Yes, we can sign but the current
technology cannot provide the footprint we need to service a secure
com. zone''. (Statements like these were made in Salt Lake City).
Up to now, I haven't seeen any numbers supporting this statement.

I would really like to see some numbers, hard facts or at least
some data to support why an opt-in is needed.

	jaap

PS. Why do I want to see this? About two years ago (around that
	time anyway) arguments were floating around that it would
	be impossible to do DNSSEC because signing big zones was
	close to be impossible.  These arguments turned about to
	be hearsay.  Yes, signing big zones is hard but doable.

	Now convince me that an opt-in DNSSEC solution is really 
	needed.


to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.