DNSSEC deployment incentives

Tom Ivar Helbekkmo tih at hamartun.priv.no
Wed Jun 19 18:27:34 UTC 2019

Paul Vixie <paul at redbarn.org> writes:

> On Wednesday, 19 June 2019 12:57:39 UTC Phillip Hallam-Baker wrote:
>> On Tue, Jun 18, 2019 at 9:33 PM Viktor Dukhovni <ietf-dane at dukhovni.org>
> ...
>> > But Let's Encrypt de-monetized certificate issuance, so now that
>> > obstacle is moot.
>> It has also eliminated the incentive to deploy DANE for free certs.
> not for me, but i think you may be right in general.

OK, I'll bite.  My impression has been that DANE is unwanted by the
large makers of browsers because their owners also earn money from the
CA business, and widespread use and acceptance of DANE would teach their
customers that they don't necessarily have to pay for certificates to
achieve what they want.

So why would the presence of Let's Encrypt lead to *less* use of DANE?

-tih (who uses DNSSEC, a Let's Encrypt certificate, and TLSA records)
Most people who graduate with CS degrees don't understand the significance
of Lisp.  Lisp is the most important idea in computer science.  --Alan Kay

More information about the dns-operations mailing list