> From: Ned Freed [mailto:ned.freed@xxxxxxxxxxx] > Indeed, although I have to say that in my experience DNSSEC > deployments are rare. I wish it were otherwise but that's > been my observation. As you have pointed out elsewhere, the > necessary impetus to deploy doesn't seem to exist. I doubt that this will remain the case if I get my way with DNS policy. People outside core DNS infrastructure providers are unlikely to deploy security mechanism for an existing infrastructure until they are convinced that there is a very serious need to do so. Unless the role of the DNS changes that is only likely to occur if there is a very significant event. There are two benefits to deploying a comprehensive DNS based policy infrastructure: 1) It will make the Internet much easier to administer and use 2) It will motivate deployment of security infrastructure for DNS providing a single ended adoption benefit to early adopters before critical mass is reached to drive the network effect. _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf