ietf-smtp

Re: [ietf-smtp] DNSSEC, was New Version Notification for draft-fenton-smtp-require-tls-00.txt

2016-01-12 02:56:35
Last time I checked, setting up DNSSEC is still a bit painful. Few
registrars, TMK, support DNSSEC directly. Maybe this has changed.

https://www.icann.org/resources/pages/deployment-2012-02-25-en

It's changed somewhat.  Some large registrars like Godaddy, Gandi, and
Tucows support it, some like NetSol don't.  I have about 300 zones on
my DNS server, all signed locally, but I've only been able to upload
the DS records for half of them.

For DANE, application software that supports TLSA and DNSSEC based TLS
verification is still pretty thin.  Versions of openssl with DANE
support only became available within the past month.

Having said all that, it's still far from clear to me that something
other than DANE would work any better, particularly considering how
cruddy the CA world is turning out to be.

As with IPv6, it varies considerably per country/region/TLD. Statistics for the
ccTLD .nl can be found here:

http://stats.sidnlabs.nl/#dnssec

It appears some 43.9 percent of the 5.5 million domain names under .nl are
signed (2.4 million domain names). The page also shows some information about
DANE queries. This however doesn't say anything about the registrars...

/rolf
