On 2015-09-03 20:31, Evgeny Khramtsov wrote: > Thu, 3 Sep 2015 20:25:27 +0200 > Kim Alvefur <[email protected]> wrote: > >> But seriously, DANE works already¹, why haven't you deployed it >> yet? :) > > That's not true. In some national domains there is no dnssec support. > So DANE works in some countries only. >
Note the smiley. Just because there isn't 100% deployment yet, doesn't mean that it does not work today. I had to switch registrar, self-host my authoritative DNS server and write a bunch of tooling to deploy DANE. So On 2015-09-03 19:25, Andreas Tauscher wrote: > And since it is DNS based it would be > easy to implement. not so much. But it's getting easier. And you can set it up today if you are careful with your choice of TLD, registrar and dns hosting. And there will still be CA-issued certificates around for a long time, so any alternative is likely to be used in parallel where possible and deployed. -- Kim "Zash" Alvefur
signature.asc
Description: OpenPGP digital signature
