In a recent posting, I considered the prospects for DNSSEC's adoption. Well, instead of just thinking about what might happen, I figured I should take a look at the current situation.
I had the pleasure of spending several days with the new DNSSECbis command-line tools in BIND 9.3.2 a couple of weeks ago. I mean that sincerely. The new tools are well-written and worked the way I thought they should, with only a few exceptions. The question now is whether or not anyone will take the time to learn to use them.
The Europeans are forging ahead with DNSSECbis. The Swedish NIC signed the se zone in September of last year. This means that any Swedish organization with a subzone of se can use the BIND 9.3.2 tools to sign their zone, and anyone with the se zone's public key configured can verify their zone data. Very cool.
Now if only VeriSign would sign com and net, we'd be in business! [bloxblog: Cricket Liu]