Why won't Walltime deploy DNSSEC?


A few people suggested we deploy DNSSEC @ Walltime.

Why don't we? DNSSEC is far from a consensus in the security community - there are people who believe it to be unnecessary, cryptographically weak, expensive to adopt and deploy, incomplete (missing basic desirable use cases for such a technology) and more.

We also do protect against a subset of what DNSSEC is designed to with alternative measures.

1 Some references: