On 16/07/2010, at 1:42 PM, Andy Linton wrote:
Following up on this and Jay's comments about when we'll do this for .nz. I'd observe that the process involved in getting ready and implementing this is non trivial.
The logistics of deploying and operating DNSSEC are certainly non-trivial. I'd also observe this hasn't just arrived out of the blue; we've all known the root was due to be signed for some time and there is no reason why planning can't have happened before now. While I'm sure that some work has been happening, I had hoped that we'd have a timeframe for implementation when the root was signed.
There's a challenge here for this community to start thinking about the process of getting the domains we're responsible for ready for signing as well. We'll also need to educate and assist customers.
Couldn't agree more. Sam.