Re: [Shutup] [ietf-smtp] DNSSEC, was New Version Notification for draft-fenton-smtp-require-tls-00.txt

"Rolf E. Sonneveld" <r.e.sonneveld@sonnection.nl> Tue, 12 January 2016 08:56 UTC

Date: Tue, 12 Jan 2016 09:56:11 +0100
From: "Rolf E. Sonneveld" <r.e.sonneveld@sonnection.nl>
To: John Levine <johnl@taugh.com>
Message-ID: <1116616617.55894.1452588971191.JavaMail.root@sonnection.nl>
In-Reply-To: <20160112020041.49761.qmail@ary.lan>
References: <20160112020041.49761.qmail@ary.lan>
Archived-At: <http://mailarchive.ietf.org/arch/msg/shutup/HF1Nld1cku_4zgG20CRDRWtrkYo>
Cc: mrsam@courier-mta.com, shutup@ietf.org, ietf-smtp@ietf.org
Subject: Re: [Shutup] [ietf-smtp] DNSSEC, was New Version Notification for draft-fenton-smtp-require-tls-00.txt

> >Last time I checked, setting up DNSSEC is still a bit painful. Few
> >registrars, TMK, support DNSSEC directly. Maybe this has changed.
> 
> https://www.icann.org/resources/pages/deployment-2012-02-25-en
> 
> It's changed somewhat.  Some large registrars like Godaddy, Gandi, and
> Tucows support it, some like NetSol don't.  I have about 300 zones on
> my DNS server, all signed locally, but I've only been able to upload
> the DS records for half of them.
> 
> For DANE, application software that supports TLSA and DNSSEC based TLS
> verification is still pretty thin.  Versions of openssl with DANE
> support only became available within the past month.
> 
> Having said all that, it's still far from clear to me that something
> other than DANE would work any better, particularly considering how
> cruddy the CA world is turning out to be.

As with IPv6, it varies considerably per country/region/TLD. Statistics for the ccTLD .nl can be found here:

http://stats.sidnlabs.nl/#dnssec

It appears some 43.9 percent of the 5.5 million domain names under .nl are signed (2.4 million domain names). The page also shows some information about DANE queries. This however doesn't say anything about the registrars...

/rolf