Why such poor adoption of DNSSEC?

My good friend Cricket Liu (of O'Reilly and Infoblox fame) laments the poor adoption of DNSSEC in this blog entry, and Cricket suggests that more aggressive Federal regulation might be a solution. I'm fundamentally a Libertarian, so whenever someone suggests that the Feds "should do something", I'm predisposed to rolling my eyes.

I'm not up on all the risks that DNSSEC might mitigate (I understand the cache poisoning problem), but it seems to me that if the risks are worthy of mitigation, the IT security staff and the IT auditors should be driving DNSSEC adoption as a normal part of their risk evaluation and mitigation process. Regulations like SOX and SB1386 would seem to be sufficient.
