On Oct 3, 2012, at 11:58 AM, "Daniel Piggott" <[email protected]> wrote:
> Is google not already using this in chrome? Nope -- Chrome does do pinning (http://www.imperialviolet.org/2011/05/04/pinning.html), HSTS, etc. Perhaps you were thinking of DNSSEC stapled certificates (http://www.imperialviolet.org/2011/06/16/dnssecchrome.html ) -- this is similar, bit different to DANE… W > > -----Original Message----- > From: Warren Kumari [mailto:[email protected]] > Sent: 02 October 2012 22:28 > To: Dan York > Cc: Paul Hoffman; dane WG list > Subject: Re: [dane] Deployment focus? Re: IETF 85 - meet or not to meet? > > > On Oct 2, 2012, at 3:34 PM, Dan York <[email protected]> wrote: > >> Paul, >> >> On Oct 1, 2012, at 11:52 AM, Paul Hoffman wrote: >> >>> On Oct 1, 2012, at 8:07 AM, Dan York <[email protected]> wrote: >>> >>>> Certainly ISOC *could* hold a meeting to discuss how to get DANE more > widely deployed ... and the people that would need to be at that meeting > would be, well, probably pretty much many of the people who would be at the > DANE working group meeting at IETF! >>> >>> We fully disagree there. Protocol developers are often not protocol > deployers. For example, I do not contribute to DNS server or DNS admin > projects; the same would be true for the large majority of the people who > contributed ideas and comments to the DANE protocol. >>> >>> ISOC could pull together a meeting of such protocol deployers, as well as > enterprises who might find DANE useful, and I suspect the overlap between > people at that meeting and the last DANE WG meeting would be very small. >> >> Sigh... I will have to confess that you are probably on target here, > particularly as no one else has chimed in on this general thread in the last > 24 hours. >> >> And thus we continue with the challenge that we in the IETF typically > define something as "done" when "the protocol is defined" and not when > "people can actually use the protocol". >> >> Here we have this truly awesome piece of work, DANE, and here it will > linger in limbo until eventually maybe someday someone somewhere can > implement it in some fashion that some people can use in some way. >> >> Certainly I can - and will - do everything I can both personally and > within ISOC's various means to get people talking about DANE and moving > toward deployment. Within the Deploy360 Programme, we've been talking to a > good number of people about how to advance the advocacy and promotion of > DNSSEC... and we have been planning to incorporate DANE into that effort. > But as much as we can do, we're still one organization - or even a group of > organizations and companies. We need many more people involved. >> >> I know you may not think of yourself as a "protocol deployer", Paul, but I > would argue that we do need everyone on this list thinking about how we can > get DANE deployed. >> >> DANE is far too awesome - and far too powerful - to let it linger in > limbo. > > Thanks, we are glad you like it :-) > > More seriously though, this is yet another chicken-and-egg problem. > > In this particular case I think that the easiest / fastest way to get better > deployment is to convince the browser manufactures to include support for > DANE -- this will incentivize[0] folk to deploy records. > > W > > [0]: Whoohoo, "incentivize" ! >> >> My 2 cents, >> Dan >> >> -- >> Dan York [email protected] >> http://www.danyork.me/ skype:danyork >> Phone: +1-802-735-1624 >> Twitter - http://twitter.com/danyork >> >> >> >> _______________________________________________ >> dane mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/dane > > > > _______________________________________________ > dane mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dane > _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
