re: 15 years to develop and what do we get get? get?

Tony Hoyle said "They hand over the keys to verisign. That means dnssec keys will cost $$$ to buy, meaning only corporates will use it.". This shows how little he knows about DNSSEC.

DNSSEC works on a zone-by-zone basis. It's up to the zone administrator to decide whether to sign their zone or not. If they use it, they add DNSSEC resource records -- keys, signatures, etc -- to their zone. In principle this is no different from how they'd add a new A record for a host or an MX record for mail delivery: they'd just use new tools to generate those keys and signatures. The zone administrator generates their own DNSSEC keys by whatever means they choose. There's no reason to buy them. in fact it would be unwise to buy DNSSEC keys from a third party, assuming anyone was stupid enough to sell them, in case those keys were weak, poorly managed or otherwise compromised somehow.

Paris icon because she knows a lot more about this subject than Tony Hoyle.