IETF Logo Mail Archive

Re: [dane] any statistics of deployment available?

"Wiley, Glen" <gwiley@verisign.com> Wed, 13 January 2016 14:51 UTC

Return-Path: <gwiley@verisign.com>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 580C71B2E71 for <dane@ietfa.amsl.com>; Wed, 13 Jan 2016 06:51:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BFiujF1mZkDi for <dane@ietfa.amsl.com>; Wed, 13 Jan 2016 06:51:04 -0800 (PST)
Received: from mail-oi0-x263.google.com (mail-oi0-x263.google.com [IPv6:2607:f8b0:4003:c06::263]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8DF961B2E66 for <dane@ietf.org>; Wed, 13 Jan 2016 06:51:04 -0800 (PST)
Received: by mail-oi0-x263.google.com with SMTP id j3so9618575oig.2 for <dane@ietf.org>; Wed, 13 Jan 2016 06:51:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=verisign-com.20150623.gappssmtp.com; s=20150623; h=from:to:subject:thread-topic:thread-index:date:message-id :references:in-reply-to:accept-language:content-language:user-agent :content-type:content-id:content-transfer-encoding:mime-version; bh=0jY6aTg4RWm7fBiWseLCM8lhmLzCeMCYPfZN2oCiG8I=; b=ffos6B5jgQ9t//uX6b1AS+oQA95T+H5PR1sMYP1bfTRmichm2N+hWNlBu4LLKup4OL aKmirVz3Vs+dI05iZ2DXu+zRoZm2peqv7TxqldAMV0JOre53HHylkem5mpsFHt5Dvga6 hZqsMqGIdYC4SJXOWcP/2rK/UWJbs7NBo0imWpbQmQ/ZzaLmpbB1EIXogAeRsSL5e+H2 G+kXAc+3JHqhEVptOMC9WsNwojdK+GjLCx2l0Ddi/BJC3r4idbecuO8HY97BZRYMOuee Pr2besehv+JWomf4caQ32F1D+ak6y5DvxfQ0/0fcqdCiXAApDQ/+5CodCuUfcCb0/s71 1dRA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:subject:thread-topic:thread-index:date :message-id:references:in-reply-to:accept-language:content-language :user-agent:content-type:content-id:content-transfer-encoding :mime-version; bh=0jY6aTg4RWm7fBiWseLCM8lhmLzCeMCYPfZN2oCiG8I=; b=GYlLPoiPhwb7jJXwDdydp6nV6B1T5FgmqhvdZzFcop65dEDtiHsz5BeFalTNZpi3Z8 ZP+WbkaOL+la4FLAkWruKQVhN/si3WPO08Hm+UdGMO96HxHD+Ia3Y2wJVTur/bOvOyaJ 4Huort2R3BclVcnlZnXvN4Pcxcdlc13nckINlHJ9NyAcuyH4F41DM4vcfK1Z1VKYMOb1 LMTBfDjiP25iYDdwrXeOCpSPJJi5SOPnBduMfZRKYaQnD38VN9dbL7HAmFzdamFuqPgV 0IJntrf6AddIvkCYCSwCjKwQspbK1vByBryceCSRFnryVaxMYJ70dO3oe8PT63n+jPSd TgLA==
X-Gm-Message-State: ALoCoQmP8MvYfAfkYB4+FygcT4NVAKYYfwVPIXvYPLqR+GKSU6/Th6tJEQfd+0MKFX4fVmjKtHT9WkRN1hnuUMdEDbYeSegXueQUWNgUc/H2oR/RXgMgXyk=
X-Received: by 10.140.249.2 with SMTP id u2mr187075380qhc.53.1452696663926; Wed, 13 Jan 2016 06:51:03 -0800 (PST)
Received: from brn1lxmailout02.verisign.com (brn1lxmailout02.verisign.com. [72.13.63.42]) by smtp-relay.gmail.com with ESMTPS id y135sm222802qky.9.2016.01.13.06.51.03 for <dane@ietf.org> (version=TLS1 cipher=AES128-SHA bits=128/128); Wed, 13 Jan 2016 06:51:03 -0800 (PST)
X-Relaying-Domain: verisign.com
Received: from brn1wnexcas02.vcorp.ad.vrsn.com (brn1wnexcas02 [10.173.152.206]) by brn1lxmailout02.verisign.com (8.13.8/8.13.8) with ESMTP id u0DEp3tU027686 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL) for <dane@ietf.org>; Wed, 13 Jan 2016 09:51:03 -0500
Received: from BRN1WNEXMBX01.vcorp.ad.vrsn.com ([::1]) by brn1wnexcas02.vcorp.ad.vrsn.com ([::1]) with mapi id 14.03.0174.001; Wed, 13 Jan 2016 09:51:03 -0500
From: "Wiley, Glen" <gwiley@verisign.com>
To: "dane@ietf.org" <dane@ietf.org>
Thread-Topic: [dane] any statistics of deployment available?
Thread-Index: AdFIeslBxynRdYetRzmHZNYubTMahgAMtMUAAAyqfgABTGYggA==
Date: Wed, 13 Jan 2016 14:51:01 +0000
Message-ID: <D2BBCE19.21C93%gwiley@verisign.com>
References: <814D0BFB77D95844A01CA29B44CBF8A715B0AEC4@lhreml504-mbs> <20160106131105.GC14398@sys4.de> <20160106191346.GF18704@mournblade.imrryr.org>
In-Reply-To: <20160106191346.GF18704@mournblade.imrryr.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.4.9.150325
x-originating-ip: [10.173.152.4]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <2CA6877A5995774EA92F48B722224569@verisign.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/dane/YhN5HCUnnvQuslGF2dIs8KHGhoc>
Subject: Re: [dane] any statistics of deployment available?
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Jan 2016 14:51:06 -0000

Comparable stats from SecSpider for a survey of 1056097 zones at
http://secspider.verisignlabs.com/stats.html

DANE Summary
16065 DANE enabled zones with TLSA records
65 PKIX based Trust Anchor TLSA records (Cert Usage 0)
541   PKIX based End Entity TLSA records (Cert Usage 1)
266   DANE based Trust Anchor TLSA records (Cert Usage 2)
5791  DANE based End Entity TLSA records (Cert Usage 3)
425   Zones have deployed TLSA for Secure SMTP (Port 465)
124   Zones have deployed TLSA for Secure POP3 (Port 995)
503   Zones have deployed TLSA for SMTP with STARTTLS (Port 587)
24 Zones have deployed TLSA for Alternate SMTP (Port 2525)
3024  Zones have deployed TLSA for HTTPS (Port 443)
1996  Zones have deployed TLSA for SMTP (Port 25)
72 Zones have deployed TLSA for POP3 (Port 110)
294   Zones have deployed TLSA for Secure IMAP (Port 993)
201   Zones have deployed TLSA for IMAP (Port 143)





On 1/6/16, 2:13 PM, "Viktor Dukhovni" <ietf-dane@dukhovni.org> wrote:

>On Wed, Jan 06, 2016 at 02:11:06PM +0100, Patrick Ben Koetter wrote:
>
>> > Is there any statistics or a site that I can find regarding the
>>deployment of DANE over the internet?
>> 
>> We did a complete IPv4 scan two weeks ago. AFAIK Viktor is about to
>>analyse
>> the data. But I don't know when he will be able to present results.
>
>I don't have the scan data yet, but I will look.  At present my
>survey has found just over 10400 domains with working DANE TLSA
>records for SMTP, a majority of these are from a three hosting
>providers:
>
>    5146 udmedia.de
>    1199 mx.transip.email
>     933 mx.nederhost.net
>
>Based on email discussion with the top two, it seems I've captured
>around 10% of their actual deployed numbers, so the number of SMTP
>domains is around 100k, with over 95% of these hosted by the above
>providers.
>
>The number of SMTP DANE domains that are "large enough" by whatever
>criteria Gmail uses to list a domain in its email transparency
>report stands at 30 (was 24 in early October).
>
>We're still early in the deployment process, but DANE support in
>OpenSSL will be available soon, which I think will help.  Hard to
>adopt a standard with no "running code".
>
>Two of the six DANE patches scheduled for review have been reviewed
>and are now part of OpenSSL 1.1.0-dev, the rest will join them soon
>I hope.
>
>-- 
>	Viktor.
>
>_______________________________________________
>dane mailing list
>dane@ietf.org
>https://www.ietf.org/mailman/listinfo/dane

v2.23.0 | Report a Bug | By Email