On Wed, Jan 13, 2016 at 02:51:01PM +0000, Wiley, Glen wrote:
> Comparable stats from SecSpider for a survey of 1056097 zones at
> http://secspider.verisignlabs.com/stats.html
>
> DANE Summary
> 16065 DANE enabled zones with TLSA records
>
> 65 PKIX based Trust Anchor TLSA records (Cert Usage 0)
> 541 PKIX based End Entity TLSA records (Cert Usage 1)
> 266 DANE based Trust Anchor TLSA records (Cert Usage 2)
> 5791 DANE based End Entity TLSA records (Cert Usage 3)
6663
These numbers don't add up to 16065 (their sum is 6663). Surely
there are not many zones (a majority?) with TLSA records with usage
other than 0/1/2/3?
> 425 Zones have deployed TLSA for Secure SMTP (Port 465)
> 124 Zones have deployed TLSA for Secure POP3 (Port 995)
> 503 Zones have deployed TLSA for SMTP with STARTTLS (Port 587)
> 24 Zones have deployed TLSA for Alternate SMTP (Port 2525)
> 3024 Zones have deployed TLSA for HTTPS (Port 443)
> 1996 Zones have deployed TLSA for SMTP (Port 25)
> 72 Zones have deployed TLSA for POP3 (Port 110)
> 294 Zones have deployed TLSA for Secure IMAP (Port 993)
> 201 Zones have deployed TLSA for IMAP (Port 143)
These numbers also add to 6663. Where did the 16k number come
from?
I have found 10.7k domains for DANE SMTP (port 25) in a sample of
4.8M domains of which 120k have DNSSEC for both the domain MX RRset
and for at least one best preference MX host and so can start
publishing TLSA records.
--
Viktor.
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
