Hacker News new | ask | show | jobs
by djcapelis 5817 days ago 

  It goes without saying but I'll state it anyway, this 
  cascade of down-votes is not the reaction I'd expect for 
  making what I consider to be a pretty innocuous comment 
  about something that potentially affects the priorities of 
  my startup
It's probably a reaction to your advocacy for ignorance at the expense of a story marking an important milestone in DNS's capabilities.

If you insist on not caring, do so quietly. Some people around here are trying to fix things, or break them, which hopefully will result in better systems. In any case, you appear to be doing neither.

(As a side note, your assertion that I agree that this doesn't change anything practical is false, as of yesterday people can resolve domains over DNSSEC, that wasn't true last week. I consider this a practical change. I'm not a big fan of DNSSEC as a protocol, but this is a big deal(tm).)
1 comments
andrewtj 5817 days ago
as of yesterday people can resolve domains over DNSSEC

People can resolve the root over DNSSEC. This is a milestone, but it's one to be followed by many, many more before it affects clients.

link
djcapelis 5816 days ago
No, some TLDs have already signed their zones. Some people are able to use DNSSEC today.

isc.org appears to be using it already, for instance.

Edit:

  $ whois isc.org | grep DNSSEC
  DNSSEC:Signed
link
andrewtj 5816 days ago
Regarding TLDs, you're again intimating that I have said something that I have not said.

I do not dispute that some people are able to use DNSSEC and this does not belie my original comment.

link
djcapelis 5816 days ago
Last week: No one could use DNSSEC. No one did. No one was affected.

Today: Many people can use DNSSEC. Some actually are. Some clients are affected. (Just obviously not yours, since you remain completely uncaring about the subject.)

I don't see how it could be any clearer.

link
andrewtj 5816 days ago
Your assessment of what constitutes "many people" and mine clearly differs.

You are quite right that my clients are unaffected. I like most of the world run a mix of Windows and OS X which like the software that runs on top of them, are not DNSSEC aware (with few exceptions).

Clearly I do care about the subject and I'm not sure why you keep stating that I do not. There is a difference between ignoring a technology until it's useful and ignoring it full-stop.

EDIT: Edited for brevity.

link