On Mon, Apr 12, 2021 at 03:04:32PM -0700, Michael Thomas wrote: > On 4/12/21 5:39 AM, Petite Abeille wrote: > > As it stands — one has to get out of its way to find it. > > > > dnsimple has good support for it out-of-the-box: > > > > https://support.dnsimple.com/articles/dnssec/ > > > > https://dnssec-analyzer.verisignlabs.com/textprotocol.com > > https://dnssec-analyzer.verisignlabs.com/textprotocol.net > > > One of the interesting revelations is that: > > 1) Google implemented DANE at one point in Chrome > > 2) Google doesn't currently sign their zone > > The implication being that it wasn't a very serious effort to see what would > happen if they don't even sign their own domain. (1) may have been because of (2), and I believe (2) was because of internal technical and political issues. I.e., I would not consider it dispositive that Google seemed to like DANE then gave up on it, though that and why they did certainly is germane. Nico --
