On Tue, Jun 09, 2015 at 06:26:27PM +0200, A. Schulze wrote:
> Barry Leiba encourage me to write this "it works" message.
Thanks for the confirmation.
> OK, the total number of DNSSEC enabled destinations is small. Really small.
> But for these destinations we're simply sure we transfer message securely to
> the right receiver.
>
> YES,
> - it works
> - it does not hurt
Still increasing gradually. I have curated ~1400 domains now, but
only 19 of them are "large enough" to be listed in the TLS statistics
in Google's email transparency report. That much smaller number
is also rising gradually, just a few months ago it was 13.
I hope that once the SMTP, SRV and "ops" drafts are published RFCs,
the adoption rate will pick up.
It would also be nice to see even fewer of the early adopters
messing up key rotation (forgetting to update TLSA RRs when
replacing certs).
The number of broken domains is only small, because I send alerts
now and then to the domains that get it wrong. Fully automating this
is on the TODO list, but cycles are scarce.
--
Viktor.
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
