[dns-operations] DNSSEC deployment incentives

Paul Vixie paul at redbarn.org
Tue Jun 18 23:01:33 UTC 2019

On Tuesday, 18 June 2019 21:31:51 UTC John R Levine wrote:
> There's no question that CAs are very broken, but there's also no question
> that browsers have been reluctant to use TLSA so you can't actually
> depend on it.

there was a time when we couldn't depend on EDNS. and on DNS. and on SMTP. and 
on IPv6. all of those had pre-existing competitors. we made these new things 
relevant by ignoring the wishes those who preferred the old ways. as we will 
with DANE.


More information about the dns-operations mailing list