When you shoot yourself in the foot with DNSSEC, you typically end up with a non-working setup.
The biggest problem is that DNS replies are often cached, so fixes for the mistakes can take a while to propagate. With Let's Encrypt you typically can fix stuff right away if something fails.
Come on. It's not dangerous, it's just inconvenient and clumsy. So nobody is really using it.
Ok, it's inconvenient and clumsy in ways that make it easy to shoot oneself in the foot. But that's not dangerous?
When you shoot yourself in the foot with DNSSEC, you typically end up with a non-working setup.
The biggest problem is that DNS replies are often cached, so fixes for the mistakes can take a while to propagate. With Let's Encrypt you typically can fix stuff right away if something fails.
12 replies →