[dns-operations] [Ext] Progress on algorithm 5 and 7 decommissioning

Edward Lewis edward.lewis at icann.org
Fri Oct 16 20:13:12 UTC 2020

On 10/14/20, 2:24 PM, "dns-operations on behalf of Viktor Dukhovni" <dns-operations-bounces at dns-oarc.net on behalf of ietf-dane at dukhovni.org> wrote:

>These give a much broader picture of DNSSEC practice that what one learns by looking at just the ~1500 TLD DNS/DNSKEY RRsets.

That's true.  Drawing from an old conversation on the data I've been curating "how (or what) you measure depends on why you measure."  My goal has been to characterize DNSSEC operations among the TLDs, particularly the timing of events.  (E.g., the passing phases of a key's lifecycle.)  For that, duration, consistency, and stability of the data is important.

There are plenty of other measures to make.  The data set with which I work focuses just on the "core" of the infrastructure, not the popular use of the system.  It's pretty easy to see that, while 90-91% of TLDs have DNSSEC, other estimates show that about 30% of resolvers and lower percentages of delegations are signed, that looking only at the TLDs one isn't getting a full view.

More information about the dns-operations mailing list