I'm sure you can find several of those using the search bar. The argument has gotten a lot grimmer since 2015 --- DNSSEC lost deployment in North America over the last couple years. It didn't simply plateau off and stop growing: people have started turning it off. That corresponds with the success of CT in the WebPKI, with multi-perspective lookup, with the failure of DANE stapling in tls-wg, and with domain hijacking through registrar fixing.

▲

gzread an hour ago | parent | next [-]

To be clear, your argument is that DNSSEC is bad because people don't use it?

	▲	tptacek 40 minutes ago \| parent [-]
		You have the causality reversed.

▲

indolering 8 hours ago | parent | prev [-]

[flagged]

▲

tptacek 8 hours ago | parent [-]

I feel pretty confident that the search bar refutes this claim you're making. What you're trying to argue is that I've avoided opportunities to argue about DNSSEC on HN. Seems... unlikely.

	▲	indolering 8 hours ago \| parent [-]
		[flagged]