> In fact, it's failed more comprehensively than any IETF technology ever attempted

Now here is where I disagree. Just off the top of my head, how about HIP, IP multicast and PEM?

PEM actually gets used? People depend on it? It hasn't been a market success, but if the root keys for DNSSEC ended up on Pastebin this evening, almost nobody would need to be paged, and you can't say that about PEM.

Multicast gets used (I think unwisely) in campus/datacenter scenarios. Interdomain multicast was a total failure, but interdomain multicast is more recent than DNSSEC.

HIP is mid-aughts, isn't it?

▲

ekr____ 6 hours ago | parent [-]

Fair enough on Multicast and HIP. I'm less sure about the case for PEM.

S-HTTP was a bigger failure in absolute terms (I should know!) but it was eventually published as Experimental and the IETF never really pushed it, so I don't think you could argue it was a bigger failure overall.

▲

tptacek 6 hours ago | parent [-]

There really has been a 30+ year full-court press to make DNSSEC happen, including high-effort coordination with both operators and developers. I think the only comparable effort might be IPv6. But IPv6 is succeeding (slowly), and DNSSEC seems to have finally failed.

(I hate to IETFsplain anything to you so think of this as me baiting you into correcting me.)

	▲	ekr____ 6 hours ago \| parent [-]
		Oh, I was basically agreeing with you. To really nerd out about it, it seems to me there are two metrics. 1. How much it failed (i.e., how low adoption was). 2. How much effort the IETF and others put into selling it. From that perspective, I think DNSSEC is the clear winner. There are other IETF protocols that have less usage, but none that have had anywhere near the amount of thrust applied as DNSSEC.