On 10/14/20, 2:24 PM, "dns-operations on behalf of Viktor Dukhovni" <dns-operations-boun...@dns-oarc.net on behalf of ietf-d...@dukhovni.org> wrote:
>These give a much broader picture of DNSSEC practice that what one learns by >looking at just the ~1500 TLD DNS/DNSKEY RRsets. That's true. Drawing from an old conversation on the data I've been curating "how (or what) you measure depends on why you measure." My goal has been to characterize DNSSEC operations among the TLDs, particularly the timing of events. (E.g., the passing phases of a key's lifecycle.) For that, duration, consistency, and stability of the data is important. There are plenty of other measures to make. The data set with which I work focuses just on the "core" of the infrastructure, not the popular use of the system. It's pretty easy to see that, while 90-91% of TLDs have DNSSEC, other estimates show that about 30% of resolvers and lower percentages of delegations are signed, that looking only at the TLDs one isn't getting a full view. _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
