On Fri, Jul 10, 2026 at 10:33 AM Paul Wouters <paul=
[email protected]> wrote:
> On Fri, 10 Jul 2026, Philip Homburg wrote:
>
> >> When will I get DANE requiring DNSSEC support on my mobile devices?
> >
> > In theory it should be easy. Not that I expect it to happen because there
> > is no easy way to make money.
>
> Whatever the reason, in practise it means whatever the IETF designs that
> needs DNSSEC as client auth isn't going to get deployed.
>
I know Paul is aware of this work, but I just want to mention, for others,
this proposed spec from the DANCE working group:
https://datatracker.ietf.org/doc/html/draft-ietf-dance-client-auth-12
I am also fairly skeptical about solutions like this being "generally"
useful for client auth, due to the very low penetration of DNSSEC
deployment (though it could be one option amongst a set of solutions that
cover a wider range of use cases). The spec above was designed for specific
scenarios where the parties have deployed DNSSEC infrastructure available.
And there is some level of interest (we just got recently pinged by some
Email folks about this).
Shumon.
_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]