We have a range of technologies in the toolkit to address issues identified by perpass.
One of the candidate technologies is DNSSEC. At a technology level it has much to commend it. The vast majority of critical TLDs are signed, so another good point in its favor. However when you look at the next tier down, the statistics point to a problem. According to the Verisign labs scoreboard, 340K+ domains in the .com namespace are secured by DNSSEC http://scoreboard.verisignlabs.com/ If you express that number as % that is about 0.4% and the growth trend is about 0.1% per year http://scoreboard.verisignlabs.com/percent-trace.png The trend seems about 2 orders of magnitude below where we need to be for DNSSEC to be viable in a realistic timescale. Am I misinterpreting the data? If not, then do we have consensus on what is blocking deployment? Trevor
_______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
