[dns-operations] DNSSEC deployment incentives
Paul Vixie
paul at redbarn.org
Tue Jun 18 23:01:33 UTC 2019
On Tuesday, 18 June 2019 21:31:51 UTC John R Levine wrote:
...
>
> There's no question that CAs are very broken, but there's also no question
> that browsers have been reluctant to use TLSA so you can't actually
> depend on it.
there was a time when we couldn't depend on EDNS. and on DNS. and on SMTP. and
on IPv6. all of those had pre-existing competitors. we made these new things
relevant by ignoring the wishes those who preferred the old ways. as we will
with DANE.
--
Paul
More information about the dns-operations
mailing list