[arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

Jo Rhett jrhett at netconsonance.com
Fri Oct 5 00:13:05 EDT 2018

> You’re entirely missing Michael’s point.  DNSSEC is not a _treat_ that you dangle in front of universities, it’s an operational requirement for _the whole Internet_, of which your paying members are constituents.  You’re denying _me_ the ability to use DNSSEC to validate addresses any time you prevent anyone from registering a DS record.

I completely and totally disagree with this assessment. What’s happening here is that you desire to not only continue to freeload when ARIN has spent decades trying to get you to play nice with others, but you want ARIN to create brand new services and then give those to you for free. You cannot claim operational impact when you have refused for 25 years to play by the rules.

Bill, I know you knew John and thus you know for a fact John would happily just cut you off for this kind of idiocy. Stop playing the aggrieved party. You aren’t aggrieved, ARIN has done nothing but bend over backwards to you for years, and you’ve done nothing but take advantage of it.

John: I’d like to address a significant elephant in this room. I don’t see how ARIN could possibly claim to provide DNSSEC authority for domains where they are unable to validate the entity currently managing the domain. Absent any such agreement, I think that continuing to provide service to these domains is a willful violation of trust on ARIN’s part, and presents a legal problem should one of these domains be abused to compromise another entity.

At no time should ARIN provide ANY service, even discussion of new services, to entities that 25 years later are still refusing to play as equals with others.

Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.

More information about the ARIN-PPML mailing list