> On 11 May 2016, at 10:03, Viktor Dukhovni <[email protected]> wrote: > > On Wed, May 11, 2016 at 04:55:43AM +0700, Aaron Zauner wrote: > >> DNSSEC non-existent. > > I do have some counter-examples to that claim, that have not only > DNSSEC, but also DANE TLSA records for inbound SMTP: > > gmx.at > registro.br > gmx.ch > gmx.com > mail.com > bund.de > gmx.de > jpberlin.de > lrz.de > posteo.de > ruhr-uni-bochum.de > web.de > octopuce.fr > comcast.net > dd24.net > gmx.net > key-systems.net > mpssec.net > t-2.net > xs4all.net > xs4all.nl > debian.org > freebsd.org > gentoo.org > ietf.org > isc.org > openssl.org > samba.org > torproject.org > (and 30500 others that are less well known)
Do you have percentages which of these aren't either: a) a open-source project where there's large community demand (for some reason) b) hosted in germany where there's a BSI guide-line to implement DNSSEC (I talked to these guys a while ago, they're largely unfamiliar with the topic of cryptography AFAICT) c) aren't .gov, .mil etc. where a similar policy to the BSI one exists - though large outages still happen frequently ? Thanks, Aaron
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
