On Mon, Apr 16, 2018, 1:31 PM Rolf E. Sonneveld <r.e.sonnev...@sonnection.nl>
> On 16-04-18 21:39, Brandon Long via mailop wrote:
> > I think this is an interesting stance, and I'm sure you've heard the
> > objections to
> > this before. You don't have to trust every CA, you certainly don't need
> > trust every
> > CA for every host, and there are other tools to be used here such as cert
> > transparency.
> > Also, maybe at some point the popular DNS providers will have point &
> > DNSSEC
> > and DANE configuration, until then, I believe it's much easier for end
> > users to use MTA-STS.
> > Note that at our last look, none of the popular providers allowed users
> > specify a TXT record
> > large enough for a 2k DKIM key, for example.
> Here in the Netherlands many if not most providers offer DNSSEC for
> their customers and most of them who do, offer a web based management
> interface to add TLSA records. The .nl zone is the fourth largest ccTLD
> with over 5.5 million registered domainnames  and some 50 percent of
> it are DNSSEC secured.
>  https://stats.sidnlabs.nl/#/home
Yeah, I remember Viktor had some great stats on these things, and there are
definitely some European countries doing a much better job than the big
three tlds. I'm looking forward to more penetration of these things.
mailop mailing list