> On Jun 9, 2015, at 12:42 PM, Viktor Dukhovni <[email protected]> wrote:
>
>> On Tue, Jun 09, 2015 at 06:26:27PM +0200, A. Schulze wrote:
>>
>> Barry Leiba encourage me to write this "it works" message.
>
> Thanks for the confirmation.
>
>> OK, the total number of DNSSEC enabled destinations is small. Really small.
>> But for these destinations we're simply sure we transfer message securely to
>> the right receiver.
>>
>> YES,
>> - it works
>> - it does not hurt
>
> Still increasing gradually. I have curated ~1400 domains now, but
> only 19 of them are "large enough" to be listed in the TLS statistics
> in Google's email transparency report. That much smaller number
> is also rising gradually, just a few months ago it was 13.
>
> I hope that once the SMTP, SRV and "ops" drafts are published RFCs,
> the adoption rate will pick up.
>
> It would also be nice to see even fewer of the early adopters
> messing up key rotation (forgetting to update TLSA RRs when
> replacing certs).
>
> The number of broken domains is only small, because I send alerts
> now and then to the domains that get it wrong. Fully automating this
> is on the TODO list, but cycles are scarce.
>
> --
> Viktor.
>
I have some spare cycles to do development. Can I assist?
Tom
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
