Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The entire point of this story is that until this week your clients couldn't have used it even if they wanted to and that changed.

I'm not saying you have to go running off and caring about DNSSEC now, but the kneejerk "omg it's not deployed" argument really isn't helpful or insightful attached to a story about how it just finished getting deployed for real on the roots finally after years of waiting.



Your reading of my post as "omg it's not deployed" is an unwarranted exaggeration. I merely stated that for me, someone who maintains a from the wire-up DNS implementation, this baby-step doesn't change anything practical — which is something you've agreed with.

EDIT:

It goes without saying but I'll state it anyway, this cascade of down-votes is not the reaction I'd expect for making what I consider to be a pretty innocuous comment about something that potentially affects the priorities of my startup.


  It goes without saying but I'll state it anyway, this 
  cascade of down-votes is not the reaction I'd expect for 
  making what I consider to be a pretty innocuous comment 
  about something that potentially affects the priorities of 
  my startup
It's probably a reaction to your advocacy for ignorance at the expense of a story marking an important milestone in DNS's capabilities.

If you insist on not caring, do so quietly. Some people around here are trying to fix things, or break them, which hopefully will result in better systems. In any case, you appear to be doing neither.

(As a side note, your assertion that I agree that this doesn't change anything practical is false, as of yesterday people can resolve domains over DNSSEC, that wasn't true last week. I consider this a practical change. I'm not a big fan of DNSSEC as a protocol, but this is a big deal(tm).)


as of yesterday people can resolve domains over DNSSEC

People can resolve the root over DNSSEC. This is a milestone, but it's one to be followed by many, many more before it affects clients.


No, some TLDs have already signed their zones. Some people are able to use DNSSEC today.

isc.org appears to be using it already, for instance.

Edit:

  $ whois isc.org | grep DNSSEC
  DNSSEC:Signed


Regarding TLDs, you're again intimating that I have said something that I have not said.

I do not dispute that some people are able to use DNSSEC and this does not belie my original comment.


Last week: No one could use DNSSEC. No one did. No one was affected.

Today: Many people can use DNSSEC. Some actually are. Some clients are affected. (Just obviously not yours, since you remain completely uncaring about the subject.)

I don't see how it could be any clearer.


Your assessment of what constitutes "many people" and mine clearly differs.

You are quite right that my clients are unaffected. I like most of the world run a mix of Windows and OS X which like the software that runs on top of them, are not DNSSEC aware (with few exceptions).

Clearly I do care about the subject and I'm not sure why you keep stating that I do not. There is a difference between ignoring a technology until it's useful and ignoring it full-stop.

EDIT: Edited for brevity.


You're messing with people's hope.

People want a story about how the Internet is getting a cool new security capability.

They especially want that story to come at the expense of Verisign and the SSL CA's.

Expect downvotes.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: