Re: [dane] deployment of DANE

Warren Kumari <warren@kumari.net> Tue, 25 September 2012 19:29 UTC

From: Warren Kumari <warren@kumari.net>
In-Reply-To: <D70512B7-6F48-4BCA-9AD3-3783715ACA12@danyork.org>
Date: Tue, 25 Sep 2012 21:28:57 +0200
Message-Id: <2F49A732-394A-4AD5-B14B-89D46CCFE071@kumari.net>
References: <6E1939C1-E3EB-4A00-B553-7A0EF640C01A@bblfish.net> <D70512B7-6F48-4BCA-9AD3-3783715ACA12@danyork.org>
To: Dan York <dan-ietf@danyork.org>
Cc: IETF DANE WG list <dane@ietf.org>
Subject: Re: [dane] deployment of DANE
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>

On Sep 25, 2012, at 7:44 PM, Dan York <dan-ietf@danyork.org> wrote:

> So in a funny bit of synchronicity, I just turned to my mail client to write basically this exact message that Henry sent this morning:
> 
> On Sep 25, 2012, at 4:13 AM, Henry Story wrote:
> 
>> Any feedback on advances on deployment of DANE in browsers?
>> 
>> Are there any browsers that support this already, are working on it? 
> 
> I also am very interested in this info.  My work is with the Internet Society's Deploy360 Programme ( http://www.internetsociety.org/deploy360/ ) where our focus is on promoting materials and information to accelerate the deployment of DNSSEC and IPv6.  I have lately been promoting the work of this (DANE) working group in recent presentations at conferences and there has been quite a good bit of interest in DANE.  I see DANE as providing an excellent reason for companies and organizations to deploy DNSSEC (in fact perhaps *THE* reason for some companies) and it finally gives us a way to talk about how DNSSEC and TLS/SSL can complement each other to provide a more secure solution.
> 
> But... if there's no timeframe for seeing DANE actually deployed in browsers... then... I'm winding up setting expectations for something that may not happen. :-(
> 
> Any info out there on getting it in Chrome? Firefox? Opera? IE? Safari?

Something that would be very helpful for getting this deployed / implemented in browsers is a number of folk (and more importantly, organizations) stating that they are planning on / would do DANE if the browsers supported it natively. Of course, even more helpful would be folk actually publishing TLSA records :-P

The browser vendors all have limited cycles, and many, many things to implement -- showing that this is something that users (and not just security weenie users) want and plan to use helps to prioritize developer time.

Initially the browser vendors might be most willing to support DANE / TLSA as a fallback for things like self-signed certs before enabling it all the time. Yes, this is suboptimal, but browser folk are (rightly) concerned about performance *and* additional DNS load, so this provides a useful shoe in the door / demo…

W
> 
> Any and all info would be greatly appreciated.
> 
> Thanks,
> Dan
> 
> -- 
> Dan York  dyork@lodestar2.com
> http://www.danyork.me/   skype:danyork
> Phone: +1-802-735-1624
> Twitter - http://twitter.com/danyork
> 
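Added example (not part of the thread, and not code from any browser or DANE project): what "publishing TLSA records" and "TLSA as a fallback for self-signed certs" look like in practice. It computes the RFC 6698 TLSA rdata for a certificate (selector 0 = full cert, 1 = SubjectPublicKeyInfo; matching type 1 = SHA-256, 2 = SHA-512), prints the zone-file line for `_443._tcp.<host>`, and checks a presented certificate against a set of records the way a self-signed fallback would, accepting only usage 3 (DANE-EE) because usages 0/1 still need a PKIX-valid chain and usage 2 needs chain building. Standard library only; `build_fake_cert` is a hypothetical helper that emits a constructed, structurally valid DER certificate with no real key or signature, just enough to exercise the parser. `www.example.com` is a placeholder.

```python
import hashlib
import hmac


def der(tag: int, content: bytes) -> bytes:
    """Encode one DER TLV (definite-length form)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content


def parse_tlv(buf: bytes, off: int = 0):
    """Decode the TLV at buf[off]: (tag, content, whole_tlv, next_offset)."""
    tag, length, hdr = buf[off], buf[off + 1], 2
    if length & 0x80:                      # long-form length
        nb = length & 0x7F
        length = int.from_bytes(buf[off + 2 : off + 2 + nb], "big")
        hdr += nb
    start, end = off + hdr, off + hdr + length
    if end > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[start:end], buf[off:end], end


def children(content: bytes):
    out, off = [], 0
    while off < len(content):
        tag, body, whole, off = parse_tlv(content, off)
        out.append((tag, body, whole))
    return out


def spki_from_cert(cert_der: bytes) -> bytes:
    """Return the DER-encoded SubjectPublicKeyInfo, which TLSA selector 1 hashes."""
    tag, cert_body, _, _ = parse_tlv(cert_der)
    tbs_tag, tbs_body, _, _ = parse_tlv(cert_body)
    if tag != 0x30 or tbs_tag != 0x30:
        raise ValueError("not a Certificate SEQUENCE")
    fields = children(tbs_body)
    if fields and fields[0][0] == 0xA0:    # optional explicit [0] version
        fields = fields[1:]
    # serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo
    spki_tag, _, spki_whole = fields[5]
    if spki_tag != 0x30:
        raise ValueError("unexpected tag where SPKI should be")
    return spki_whole


def tlsa_rdata(cert_der: bytes, usage=3, selector=1, mtype=1):
    """(usage, selector, matching_type, certificate_association_data as hex)."""
    if selector == 0:
        data = cert_der
    elif selector == 1:
        data = spki_from_cert(cert_der)
    else:
        raise ValueError("unknown selector")
    if mtype == 0:
        cad = data
    elif mtype == 1:
        cad = hashlib.sha256(data).digest()
    elif mtype == 2:
        cad = hashlib.sha512(data).digest()
    else:
        raise ValueError("unknown matching type")
    return usage, selector, mtype, cad.hex()


def tlsa_record_text(host, cert_der, port=443, proto="tcp", usage=3, selector=1, mtype=1):
    """Zone-file presentation of the record, e.g. _443._tcp.host. IN TLSA 3 1 1 <hex>."""
    u, s, m, cad = tlsa_rdata(cert_der, usage, selector, mtype)
    return f"_{port}._{proto}.{host}. IN TLSA {u} {s} {m} {cad}"


def dane_ee_matches(cert_der: bytes, records) -> bool:
    """Self-signed fallback check: True if the presented cert matches any usable
    usage-3 (DANE-EE) record. Other usages and unknown parameters are skipped,
    never treated as a match, so an unparseable record cannot fail open."""
    for usage, selector, mtype, cad_hex in records:
        if usage != 3 or selector not in (0, 1) or mtype not in (0, 1, 2):
            continue
        computed = tlsa_rdata(cert_der, usage, selector, mtype)[3]
        if hmac.compare_digest(computed, cad_hex.lower()):
            return True
    return False


def build_fake_cert(pubkey_bits: bytes, with_version: bool = True) -> bytes:
    """Constructed test input (hypothetical helper): structurally valid X.509 DER
    around the given key bits, with no real key or signature."""
    oid_rsa = der(0x06, bytes.fromhex("2A864886F70D010101"))  # rsaEncryption
    alg = der(0x30, oid_rsa + der(0x05, b""))
    spki = der(0x30, alg + der(0x03, b"\x00" + pubkey_bits))
    name = der(0x30, b"")                                       # empty Name
    validity = der(0x30, der(0x17, b"120925000000Z") + der(0x17, b"130925000000Z"))
    tbs = der(0x02, b"\x01") + alg + name + validity + name + spki
    if with_version:
        tbs = der(0xA0, der(0x02, b"\x02")) + tbs
    return der(0x30, der(0x30, tbs) + alg + der(0x03, b"\x00" + bytes(32)))


if __name__ == "__main__":
    cert = build_fake_cert(b"\xAA" * 64)
    print(tlsa_record_text("www.example.com", cert))
    print("DANE-EE match:", dane_ee_matches(cert, [tlsa_rdata(cert)]))
```

Selector 1 is the one to publish for a self-signed fallback: a renewed certificate with the same key keeps matching without a zone change, whereas selector 0 ties the record to the exact certificate bytes. Whatever the selector, the record is only as trustworthy as the DNSSEC validation of the response that carried it; a client that skips that step has merely moved trust from the CA to whoever can spoof DNS.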