On Tue, Aug 16, 2022 at 02:55:35PM +0000, Paul Hoffman wrote:
> Another way to look at this is not from all signed delegations
> anywhere, but for web sites that are most popular. Using the Tranco
> list, choosing from the top 100,000 names, 6,389 are signed; of those,
> 349 sign with algorithm 5 or 7. Thus, for the popular sites, the
> percentage is closer to 5%, not 1%.
While I'm not impressed by the significance of the last ~900k of the
Tranco list, indeed there is some concentration of deprecated DNSSEC
algorithms closer to the top of the list, among the top 10k we see
the domains below my sig.
How realistic is it to prod these to migrate? The DHS folks had
recently put out an RFP for managed DNS service, not only for the .GOV
registry, but also for operation of the delegated domains, and
presumably at some point many of the .GOV slowpokes might move to a
managed service with more modern keys, ... This will likely take
a couple of years (if not delayed or cancelled).
As for the rest, not clear what would cause them to switch, and how hard
we should try. There hasn't been much downward momentum in algorithm 5
and 7 use after the initial 93% decline at major hosting providers.
[ Even transip.nl, who've migrated all their customers, haven't yet
migrated their own domain. Cobbler's children and all that... ]
--
Viktor.
paypal.com 77
comcast.net 145
cdc.gov 179
ietf.org 473
yandex.com 548
paloaltonetworks.com 633
xfinity.com 646
va.gov 650
nist.gov 664
service-now.com 842
comcast.com 901
cmu.edu 939
uchicago.edu 991
ed.gov 999
uk.com 1065
census.gov 1108
sec.gov 1148
senate.gov 1176
icann.org 1333
accenture.com 1369
centralnic.net 1433
archives.gov 1489
tamu.edu 1542
uspto.gov 1565
treasury.gov 1584
fcc.gov 1638
us.com 1671
paypal.me 1918
pitt.edu 1998
eu.com 2648
hud.gov 2668
defense.gov 2806
mass.gov 2923
eia.gov 2946
federalregister.gov 2996
cms.gov 3030
filezilla-project.org 3168
lsu.edu 3204
nsf.gov 3292
imperial.ac.uk 3434
maryland.gov 3537
tn.gov 3667
transip.nl 3962
supremecourt.gov 4113
us.org 4305
ky.gov 4382
gao.gov 4583
lbl.gov 4598
medicare.gov 4633
handle.net 4699
ustc.edu.cn 4706
paypalobjects.com 5051
d-net.pro 5119
healthcare.gov 5123
consumerfinance.gov 5458
tznic.or.tz 6065
ru.com 6243
planalto.gov.br 6366
kh.edu.tw 6652
ga.gov 6658
uib.no 6738
umbc.edu 6869
hrsa.gov 7076
k8.com.br 7217
paypalinc.com 7314
nrel.gov 7599
uniregistry.info 7608
llnl.gov 7663
export.gov 7833
ic.ac.uk 7890
treas.gov 8072
upf.edu 8217
concordia.ca 8258
nga.gov 8366
in.net 8431
nau.edu 8480
ulisboa.pt 8650
comcastbusiness.net 8769
bea.gov 9250
uscg.mil 9579
szu.edu.cn 9745
nsa.gov 9862
uniregistry.net 9974
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
