Alex Stamos at Facebook has publicly & repeatedly stated that DNSSEC is
"dead". I guess that means no RFC 7672 at Facebook. With him making that
statement I already know others taking the same position. There seems to
be a strong anti-dnssec crowd, complaining primarily on these issues:
1) Government access / possible interference with dnssec
2) Weak encryption (1024 bit keys)
3) Complexity of configuration & maintenance
4) "only 1 bit to tell you if things are ok or not"
5) DoS capabilities (ppl forget there are other & easier ways)
Google public DNS supports DNSSEC, but afaik no other part of Google
uses it. Although this proposal can live with or without DNSSEC, I am
wondering if Google, Microsoft, Linkedin & other major companies has any
plans to deploy DNSSEC and RFC7672. Or will this proposal be a shorter &
easier step forward, eventually delaying or simply ignoring RFC7672 for
the foreseeable future?
Regards,
Per