IETF Logo Mail Archive

Re: [dane] any statistics of deployment available?

Viktor Dukhovni <ietf-dane@dukhovni.org> Wed, 13 January 2016 18:23 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 817B81B307D for <dane@ietfa.amsl.com>; Wed, 13 Jan 2016 10:23:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CQiA0M8Flmc7 for <dane@ietfa.amsl.com>; Wed, 13 Jan 2016 10:23:43 -0800 (PST)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 015651B307B for <dane@ietf.org>; Wed, 13 Jan 2016 10:23:42 -0800 (PST)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 12155284E5C; Wed, 13 Jan 2016 18:23:42 +0000 (UTC)
Date: Wed, 13 Jan 2016 18:23:42 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: dane@ietf.org
Message-ID: <20160113182341.GO18704@mournblade.imrryr.org>
References: <814D0BFB77D95844A01CA29B44CBF8A715B0AEC4@lhreml504-mbs> <20160106131105.GC14398@sys4.de> <20160106191346.GF18704@mournblade.imrryr.org> <D2BBCE19.21C93%gwiley@verisign.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <D2BBCE19.21C93%gwiley@verisign.com>
User-Agent: Mutt/1.5.24 (2015-08-30)
Archived-At: <http://mailarchive.ietf.org/arch/msg/dane/d7r3roiIRTccDUzn2alUOtwIlmQ>
Subject: Re: [dane] any statistics of deployment available?
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: dane@ietf.org
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Jan 2016 18:23:44 -0000

On Wed, Jan 13, 2016 at 02:51:01PM +0000, Wiley, Glen wrote:

> Comparable stats from SecSpider for a survey of 1056097 zones at
> http://secspider.verisignlabs.com/stats.html
> 
> DANE Summary
> 16065 DANE enabled zones with TLSA records
>
> 65 PKIX based Trust Anchor TLSA records (Cert Usage 0)
> 541   PKIX based End Entity TLSA records (Cert Usage 1)
> 266   DANE based Trust Anchor TLSA records (Cert Usage 2)
> 5791  DANE based End Entity TLSA records (Cert Usage 3)

6663

These numbers don't add up to 16065 (their sum is 6663).  Surely
there are not many zones (a majority?) with TLSA records with usage
other than 0/1/2/3?

> 425   Zones have deployed TLSA for Secure SMTP (Port 465)
> 124   Zones have deployed TLSA for Secure POP3 (Port 995)
> 503   Zones have deployed TLSA for SMTP with STARTTLS (Port 587)
> 24 Zones have deployed TLSA for Alternate SMTP (Port 2525)
> 3024  Zones have deployed TLSA for HTTPS (Port 443)
> 1996  Zones have deployed TLSA for SMTP (Port 25)
> 72 Zones have deployed TLSA for POP3 (Port 110)
> 294   Zones have deployed TLSA for Secure IMAP (Port 993)
> 201   Zones have deployed TLSA for IMAP (Port 143)

These numbers also add to 6663.  Where did the 16k number come
from?  

I have found 10.7k domains for DANE SMTP (port 25) in a sample of
4.8M domains of which 120k have DNSSEC for both the domain MX RRset
and for at least one best preference MX host and so can start
publishing TLSA records.

-- 
	Viktor.

v2.23.0 | Report a Bug | By Email