Open Q / Discussion: DNSSEC-Signed requests receiving prioritization #1819
Labels
non .dat Change or Coding Review
Alteration to code/automation or publicsuffix.org site
❔❔ question
Open question, please look / answer / respond
🚩🚩🚩Want Browser Feedback 🚩🚩🚩
Topics that would benefit from input of Browser dev
Comments
dnsguru
added
❔❔ question
|
The thinking here would be to add something like this into the DNS scanning automation specifications that are being discussed |
Closed
|
I doubt this would actually improve the adoption of DNSSEC a lot. The PSL just isn't that big. Plus, we are not slow enough that prioritization would make a meaningful difference. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In some of the feedback to #1813 that has come to me conversationally, one suggestion was to make DNSSEC signature of the eTLD+ be mandatory.
The benefits of the integrity of resolutions that DNSSEC are fairly great, though adoption is below what one would hope. Probably related to the adoption is the friction/complexity to implementing it.
So perhaps making it mandatory is a bit unrealistic, but what might be a good idea would be to attract use of DNSSEC being in place to add safety/integrity, and as we automate SOA/TXT automation for the review process, also scan for DNSSEC records being present, and let those with DNSSEC jump ahead in priority of processing.
Would like to see some community feedback on this.
The text was updated successfully, but these errors were encountered: