Hi Patrik,

> On 13 Apr 2021, at 10:58, Patrik Fältström <paf=40frobbit.se@xxxxxxxxxxxxxx> wrote:
>
> On 13 Apr 2021, at 10:46, Andrew McConachie wrote:
>
>> My point is that if people want to see HTTPS/DANE deployments grow they should start hacking HTTPS/DANE validation into the numerous open source projects that act as HTTPS clients.
>
> I see two issues with HTTPS/DANE (and DNSSEC):
>
> 1. People in the community have focused too much on getting zones signed instead of getting validation deployed. In Sweden we focused on validation, and as validation is happening basically everywhere, it is worth it to get their zones signed.

Yes. The opendnssec team did a phenomenal job, only to be thwarted by secondary servers and amplification attack concerns. My conclusion: why choose? Both validation AND signing are a problem, especially if we do not want to encourage market concentration.

Eliot