On Sep 25, 2012, at 7:44 PM, Dan York <[email protected]> wrote: > So in a funny bit of synchronicity, I just turned to my mail client to write > basically this exact message that Henry sent this morning: > > On Sep 25, 2012, at 4:13 AM, Henry Story wrote: > >> Any feedback on advances on deployment of DANE in browsers? >> >> Are there any browsers that support this already, are working on it? > > I also am very interested in this info. My work is with the Internet > Society's Deploy360 Programme ( http://www.internetsociety.org/deploy360/ ) > where our focus is on promoting materials and information to accelerate the > deployment of DNSSEC and IPv6. I have lately been promoting the work of this > (DANE) working group in recent presentations at conferences and there has > been quite a good bit of interest in DANE. I see DANE as providing an > excellent reason for companies and organizations to deploy DNSSEC (in fact > perhaps *THE* reason for some companies) and it finally gives us a way to > talk about how DNSSEC and TLS/SSL can complement each other to provide a more > secure solution. > > But... if there's no timeframe for seeing DANE actually deployed in > browsers... then... I'm winding up setting expectations for something that > may not happen. :-( > > Any info about there on getting it in Chrome? Firefox? Opera? IE? Safari?
Something that would be very helpful for getting this deployed / implemented in browsers is number of folk (and more importantly, organizations) stating that they are planning on / would do DANE if the browsers supported it natively. Of course, even more helpful would be folk actually publishing TLSA records :-P The browser vendors all have limited cycles, and many many things to implement -- showing that this is something that users (and not just security weenie users) want and plan to use helps to prioritize developer time. Initially the browser vendors might be most willing to support DANE / TLSA as a fallback for things like self signed certs before enabling it all the time. Yes, this is suboptimal, but browser folk are (rightly) concerned about performance *and* additional DNS load, so this provides a useful shoe in the door / demo… W > > Any and all info would be greatly appreciated. > > Thanks, > Dan > > -- > Dan York [email protected] > http://www.danyork.me/ skype:danyork > Phone: +1-802-735-1624 > Twitter - http://twitter.com/danyork > > > _______________________________________________ > dane mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dane _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
