www != internet
" There are better DNS security proposals circulating already," he argued. "They tend to start at the browser and work their way back to the roots. Support those proposals, and keep DNSSEC code off your servers.""
DNS is used for more than web sites.
Also, whilst he makes some valid points (root chain-of-trust and out-of-date crypto), DNSSEC is not fundamentally broken.
The legitimate people who have problems with it are generally trying to do something 'sneaky' that DNSSEC is designed to stop (as it's similar to what the bad player do.) However, people like Google have proved these problems can be resolved.
I don't know.... Calls to 'abandon DNSSEC' remind me of the calls by those that don't understand IPv6 to abandon that too.
And in an age where technological implementations are dictated by bean-counters, and not the techies, speed/success of deployment means bugger-all.... How many times have long resolved security issues raised their ugly head just because 'management' wouldn't budget the fixes?
Biting the hand that feeds IT
