Y
Hacker News
new
|
ask
|
show
|
jobs
by
cyberax
49 days ago
You're wrong. Both .com and .net are signed (`dig RRSIG com.`), and if they screw up, then all the com/net zones will become inaccessible.
2 comments
tptacek
49 days ago
Virtually no zones under .com/.net are signed, which was the only point I was making. It has no adoption here.
link
profmonocle
49 days ago
Even if example.com is unsigned, the delegation from .com to example.com will still be signed (including an attestation that example.com is unsigned). So lack of DNSSEC adoption by users of the TLD wouldn't save them here.
link
cyberax
49 days ago
Sure. But that was not the issue with .de, it has about the same level of DNSSEC adoption as .com
DENIC screwed up the TLD itself, and .com/.net are just as susceptible.
link
theMMaI
49 days ago
Sssshh, don't give Verisign any bad ideas!
link