On Mon, Apr 28, 2014 at 2:38 PM, Trevor Freeman <[email protected]> wrote: > We have a range of technologies in the toolkit to address issues identified > by perpass. > > > > One of the candidate technologies is DNSSEC. At a technology level it has > much to commend it. > >
For which aspects of perpass? DNSSEC provides no encryption, so the fact that I'm browsing to something on www.nakedfurries.com is visible to all... Don't get me wrong -- I'm a big DNSSEC (and DANE :-)) proponent, but folk often seem to miss the fact that DNSSEC doesn't do what the name implies... W > > The vast majority of critical TLDs are signed, so another good point in its > favor. > > > > However when you look at the next tier down, the statistics point to a > problem. > > > > According to the Verisign labs scoreboard, 340K+ domains in the .com > namespace are secured by DNSSEC > > http://scoreboard.verisignlabs.com/ > > > > If you express that number as % that is about 0.4% and the growth trend is > about 0.1% per year > > http://scoreboard.verisignlabs.com/percent-trace.png > > > > The trend seems about 2 orders of magnitude below where we need to be for > DNSSEC to be viable in a realistic timescale. > > > > Am I misinterpreting the data? If not, then do we have consensus on what is > blocking deployment? > > > > Trevor > > > > > > > > > > > _______________________________________________ > perpass mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/perpass > _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
