Comparable stats from SecSpider for a survey of 1056097 zones at http://secspider.verisignlabs.com/stats.html
DANE Summary 16065 DANE enabled zones with TLSA records 65 PKIX based Trust Anchor TLSA records (Cert Usage 0) 541 PKIX based End Entity TLSA records (Cert Usage 1) 266 DANE based Trust Anchor TLSA records (Cert Usage 2) 5791 DANE based End Entity TLSA records (Cert Usage 3) 425 Zones have deployed TLSA for Secure SMTP (Port 465) 124 Zones have deployed TLSA for Secure POP3 (Port 995) 503 Zones have deployed TLSA for SMTP with STARTTLS (Port 587) 24 Zones have deployed TLSA for Alternate SMTP (Port 2525) 3024 Zones have deployed TLSA for HTTPS (Port 443) 1996 Zones have deployed TLSA for SMTP (Port 25) 72 Zones have deployed TLSA for POP3 (Port 110) 294 Zones have deployed TLSA for Secure IMAP (Port 993) 201 Zones have deployed TLSA for IMAP (Port 143) On 1/6/16, 2:13 PM, "Viktor Dukhovni" <[email protected]> wrote: >On Wed, Jan 06, 2016 at 02:11:06PM +0100, Patrick Ben Koetter wrote: > >> > Is there any statistics or a site that I can find regarding the >>deployment of DANE over the internet? >> >> We did a complete IPv4 scan two weeks ago. AFAIK Viktor is about to >>analyse >> the data. But I don't know when he will be able to present results. > >I don't have the scan data yet, but I will look. At present my >survey has found just over 10400 domains with working DANE TLSA >records for SMTP, a majority of these are from a three hosting >providers: > > 5146 udmedia.de > 1199 mx.transip.email > 933 mx.nederhost.net > >Based on email discussion with the top two, it seems I've captured >around 10% of their actual deployed numbers, so the number of SMTP >domains is around 100k, with over 95% of these hosted by the above >providers. > >The number of SMTP DANE domains that are "large enough" by whatever >criteria Gmail uses to list a domain in its email transparency >report stands at 30 (was 24 in early October). > >We're still early in the deployment process, but DANE support in >OpenSSL will be available soon, which I think will help. Hard to >adopt a standard with no "running code". > >Two of the six DANE patches scheduled for review have been reviewed >and are now part of OpenSSL 1.1.0-dev, the rest will join them soon >I hope. > >-- > Viktor. > >_______________________________________________ >dane mailing list >[email protected] >https://www.ietf.org/mailman/listinfo/dane _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
