[anti-abuse-wg] IS3C public consultation on an alternative narrative to deploy Internet standards

It appears that Michele Neylon - Blacknight via anti-abuse-wg <michele at blacknight.com> said:
>-=-=-=-=-=-
>-=-=-=-=-=-
>
>Serge
>
>Several ccTLD registries have given discounts for DNSSEC.
>
>What is unclear is how many of the domains with DNSSEC enabled are in active use, so the lack of “problems” could be simply down to a complete lack of us / ignorance that the technology was enabled.
>
>My main issue with focus on DNSSEC is that it is seen being a “good use” of resources, so small registries who should invest in other things that are fundamentally more important feel obliged to enable
>it. There’s also the entire “I’ve got DNSSEC so now my domain / site / service is secure” belief. Much like people who think that smacking an SSL cert on their site magically renders it secure.

It makes sense if you're likely to be a phish target or you're
sophisticated enough to use DANE. DNSSEC works pretty well for Comcast.

I agree that for random little private domains the benefit is marginal.

R's,
John