[dns-operations] .FI going insecure for two weeks (!)
Viktor Dukhovni
ietf-dane at dukhovni.org
Wed Dec 18 07:16:57 UTC 2024
On Wed, Dec 18, 2024 at 07:58:33AM +0100, Philip Homburg wrote:
> >
> > My understanding is that they are using a signer that does not make algorithm rollovers easy. They are going for what seems to be less risky for them.
> >
>
> To put it more strongly, what I got through the grapevine is that the issue
> is one risk assessment. There is a risk that something will go wrong and
> that .fi will become bogus. On the other hand, there is essentially no
> DNSSEC use by bigger sites in .fi.
>
>
> There are about 7000 sites in .fi that do DANE, but it seems that those are
> not important enough to warrant keeping .fi signed.
FWIW, the top 10 Tranco-rated .fi DNSSEC-signed web domains are:
foreca․fi 9291
plat․fi 34059
iki․fi 35603
kapsi․fi 43283
zoner․fi 49867
s-pankki․fi 52346
suomi․fi 53896
gigantti․fi 59963
finlandabroad․fi 61954
kennelliitto․fi 66979
Though Tranco is a not a particularly good fit for guaging the
importance of email domains, the top 10 Tranco-rated DANE-SMTP
domains are:
iki.fi 35603
io-tech.fi 73354
f-solutions.fi 175343
tsv.fi 237806
foobar.fi 252011
ivr.fi 256200
trex.fi 284843
mau.fi 338539
riemurasia.fi 423891
handelsbanken.fi 426719
--
Viktor.
More information about the dns-operations
mailing list