On 4/12/21 3:14 PM, Nico Williams wrote:
On Mon, Apr 12, 2021 at 03:04:32PM -0700, Michael Thomas wrote:
On 4/12/21 5:39 AM, Petite Abeille wrote:
As it stands — one has to get out of its way to find it.
dnsimple has good support for it out-of-the-box:
https://support.dnsimple.com/articles/dnssec/
https://dnssec-analyzer.verisignlabs.com/textprotocol.com
https://dnssec-analyzer.verisignlabs.com/textprotocol.net
One of the interesting revelations is that:
1) Google implemented DANE at one point in Chrome
2) Google doesn't currently sign their zone
The implication being that it wasn't a very serious effort to see what would
happen if they don't even sign their own domain.
(1) may have been because of (2), and I believe (2) was because of
internal technical and political issues. I.e., I would not consider it
dispositive that Google seemed to like DANE then gave up on it, though
that and why they did certainly is germane.
Yes, that's what I would assume as well. Build it and they will come has
a sterling track record of failure in IETF.
Mike
