Re: [Danish] Proposed WG Charter

Viktor Dukhovni <ietf-dane@dukhovni.org> Tue, 15 June 2021 20:43 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: danish@ietfa.amsl.com
Delivered-To: danish@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B7F983A3D35 for <danish@ietfa.amsl.com>; Tue, 15 Jun 2021 13:43:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zg7cmP8PKdPv for <danish@ietfa.amsl.com>; Tue, 15 Jun 2021 13:43:30 -0700 (PDT)
Received: from straasha.imrryr.org (straasha.imrryr.org [100.2.39.101]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3D7933A3D3A for <danish@ietf.org>; Tue, 15 Jun 2021 13:43:30 -0700 (PDT)
Received: by straasha.imrryr.org (Postfix, from userid 1001) id 449DCC5D7F; Tue, 15 Jun 2021 16:43:29 -0400 (EDT)
Date: Tue, 15 Jun 2021 16:43:29 -0400
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: danish@ietf.org
Message-ID: <YMkQ8Vu1pbonlqzG@straasha.imrryr.org>
Reply-To: danish@ietf.org
References: <CAEfM=vRA4P7As25Krc64Q5QTEuQZidpmzWgXWivOxOm8x-9ZAw@mail.gmail.com> <YMZwG/l/pne2tHJF@straasha.imrryr.org> <CAEfM=vT5PErjwY73gEEaFb7v84tdVSWb3p4efz_xL1gApFYvRQ@mail.gmail.com> <YMgCbq/PdTLfzTIu@straasha.imrryr.org> <CAEfM=vQ=U_BuESMPkBzhDC-KJ7usrc29G2OEgA3WTP16Jzd8zA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CAEfM=vQ=U_BuESMPkBzhDC-KJ7usrc29G2OEgA3WTP16Jzd8zA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/danish/iR8Gv9kepx_K3eH3IC9fxwUVCaU>
Subject: Re: [Danish] Proposed WG Charter
X-BeenThere: danish@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DANE AutheNtication for Iot Service Hardening <danish.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/danish>, <mailto:danish-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/danish/>
List-Post: <mailto:danish@ietf.org>
List-Help: <mailto:danish-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/danish>, <mailto:danish-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Jun 2021 20:43:35 -0000

On Tue, Jun 15, 2021 at 10:26:31AM -0700, Ash Wilson wrote:

> DNSSEC adoption has historically suffered from technical and perception challenges.
                      ------------                             ----------

The technical issues are solvable, and much progress has been made and
continues.  It is time to move beyond the historical misperceptions.

> The current adoption of DNSSEC is disappointing. That number is currently
> 2.47% for the .com TLD (citing this time: http://rick.eng.br/dnssecstat/)

This is misleading.  What's more interesting is the marginal rate of
adoption of new domain registrations.  Recent measurements show this
to be around 20%!  We can make this even more appealing by actually
using DNSSEC in our standards.

> Not all CS college programs include DNSSEC (or PKI, for that matter) at
> sufficient depth. Graduates aren't prepared to champion DNSSEC
> implementation in the face of DNSSEC's perception problems in the
> enterprise.

Or DNS at all, or networking, ... people learn on the job.

> For DNSSEC, the right materials exist. DNSSEC is one of the best-documented
> sets of standards on the Internet. How-to guides are abundant. Nobody can
> say that DNSSEC isn't well-documented.

I can definitely say that, because best-practices are not as well
understood as they should be, and the tools have improved dramatically
recently, so some relearning is required, and the tutorials have not
yet caught up.

There's work to be done, but none of if significantly insurmountable.

-- 
    Viktor.