On Tue, Aug 16, 2022 at 02:55:35PM +0000, Paul Hoffman wrote:

> Another way to look at this is not from all signed delegations
> anywhere, but for web sites that are most popular. Using the Tranco
> list, choosing from the top 100,000 names, 6,389 are signed; of those,
> 349 sign with algorithm 5 or 7. Thus, for the popular sites, the
> percentage is closer to 5%, not 1%.

While I'm not impressed by the significance of the last ~900k of the Tranco list, indeed there is some concentration of deprecated DNSSEC algorithms closer to the top of the list, among the top 10k we see the domains below my sig. How realistic is it to prod these to migrate?

The DHS folks had recently put out an RFP for managed DNS service, not only for the .GOV registry, but also for operation of the delegated domains, and presumably at some point many of the .GOV slowpokes might move to a managed service with more modern keys, ... This will likely take a couple of years (if not delayed or cancelled).

As for the rest, not clear what would cause them to switch, and how hard we should try. There hasn't been much downward momentum in algorithm 5 and 7 use after the initial 93% decline at major hosting providers.

[ Even transip.nl, who've migrated all their customers, haven't yet migrated their own domain. Cobbler's children and all that... ]

-- 
    Viktor.

    paypal.com 77
    comcast.net 145
    cdc.gov 179
    ietf.org 473
    yandex.com 548
    paloaltonetworks.com 633
    xfinity.com 646
    va.gov 650
    nist.gov 664
    service-now.com 842
    comcast.com 901
    cmu.edu 939
    uchicago.edu 991
    ed.gov 999
    uk.com 1065
    census.gov 1108
    sec.gov 1148
    senate.gov 1176
    icann.org 1333
    accenture.com 1369
    centralnic.net 1433
    archives.gov 1489
    tamu.edu 1542
    uspto.gov 1565
    treasury.gov 1584
    fcc.gov 1638
    us.com 1671
    paypal.me 1918
    pitt.edu 1998
    eu.com 2648
    hud.gov 2668
    defense.gov 2806
    mass.gov 2923
    eia.gov 2946
    federalregister.gov 2996
    cms.gov 3030
    filezilla-project.org 3168
    lsu.edu 3204
    nsf.gov 3292
    imperial.ac.uk 3434
    maryland.gov 3537
    tn.gov 3667
    transip.nl 3962
    supremecourt.gov 4113
    us.org 4305
    ky.gov 4382
    gao.gov 4583
    lbl.gov 4598
    medicare.gov 4633
    handle.net 4699
    ustc.edu.cn 4706
    paypalobjects.com 5051
    d-net.pro 5119
    healthcare.gov 5123
    consumerfinance.gov 5458
    tznic.or.tz 6065
    ru.com 6243
    planalto.gov.br 6366
    kh.edu.tw 6652
    ga.gov 6658
    uib.no 6738
    umbc.edu 6869
    hrsa.gov 7076
    k8.com.br 7217
    paypalinc.com 7314
    nrel.gov 7599
    uniregistry.info 7608
    llnl.gov 7663
    export.gov 7833
    ic.ac.uk 7890
    treas.gov 8072
    upf.edu 8217
    concordia.ca 8258
    nga.gov 8366
    in.net 8431
    nau.edu 8480
    ulisboa.pt 8650
    comcastbusiness.net 8769
    bea.gov 9250
    uscg.mil 9579
    szu.edu.cn 9745
    nsa.gov 9862
    uniregistry.net 9974

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop