RE: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.)

["Hallam-Baker, Phillip" <pbaker@verisign.com>]

> From: Alex Bligh [mailto:alex@alex.org.uk] 

> I'm not sure whether this is the same point Phil is making, 
> but inc ase not, it seems to me the RoI argument is like 
> expecting positive RoI on the deployment of the first 
> telephone. 

Part of it.

There is a chicken and egg problem in every one of these network effect marketting type schemes. So to create critical mass you need to have a strategy that does not depend on the network effect.

DKIM has a unilateral deployment advantage albeit a weak one. DKIM + Secure Letterhead has a much stronger deployment advantage.


The point here is to design for deployment and in particular to work to co-opt the participation of major infrastructure providers, major platform providers.

Absolutely nobody has made the claim that NSEC3 is too complex to be deployed. Multiple registries have stated that they cannot deploy without NSEC3. This is the only group I know where this would still be under discussion.


--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>