Reply to post:

Internet-wide security update put on hold over fears 60 million people would be kicked offline


DNS just about barely works as it is. The average quality of zones and delegations is simply appalling. Adding a PKI on top of it certainly won't help it work better. And considering adding said PKI has no benefits whatsoever *, why even consider doing it, much less do it on a global scale?

* At most it would stop something along the lines of Web sites getting defaced because of DNS hijacks, like after compromising hosts in the same subnets as the DNS servers. Not exactly an issue worth remodeling fundamental parts of the Internet for... If you can have much more fun than that, the issue is with the actual service (read: cleartext authentication, no HTTPS, etc), not with the DNS infrastructure.

PS. The proper "upgrading of tools for DNSSEC" in a small organization consists of making sure it's disabled everywhere.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019