Skip to content
Better HN
Top
Best
Ask
Show
New
Jobs
Search
⌘K
0 points
cyberax
1mo ago
0 comments
Save
Share
You're wrong. Both .com and .net are signed (`dig RRSIG com.`), and if they screw up, then all the com/net zones will become inaccessible.
0 comments
4 comments · 2 top-level
top
newest
oldest
tptacek
1mo ago
· 2 in thread
Virtually no zones under .com/.net are signed, which was the only point I was making. It has no adoption here.
profmonocle
1mo ago
Even if example.com is unsigned, the delegation from .com to example.com will still be signed (including an attestation that example.com is unsigned). So lack of DNSSEC adoption by users of the TLD wouldn't save them here.
cyberax
OP
1mo ago
Sure. But that was not the issue with .de, it has about the same level of DNSSEC adoption as .com
DENIC screwed up the TLD itself, and .com/.net are just as susceptible.
theMMaI
1mo ago
Sssshh, don't give Verisign any bad ideas!
j
/
k
navigate · click thread line to collapse
