On Tue, Apr 19, 2016 at 05:19:50PM +0200, Dirk Stöcker wrote: > >In my survey of 12000 DANE TLSA-enabled domains 545 are using LE > >certificates. > > Is this compared to the ~9600 in December last year? That would be 25% > increase in your survey?
Yes, but some of that is due to new methods to find candidate domains, not just more domains found with the same methods. > >>I'm considering moving to LE but would like some feedback (last post on > >>this thread was four months ago so early adopters should have > >>experienced a renewal by now) > > In case you do not know: > > There are two other options for free domain verified certificates: > > https://www.startssl.com/ - per cert: 1 domain, 1 year > https://buy.wosign.com/free/?lan=en - per cert: up to 5 domains, 1-3 years https://www.ietf.org/mail-archive/web/uta/current/msg01487.html Top 10 issuers of certs for DANE MX hosts: 172 ; Issuer = CN=StartCom Class 1 Primary Intermediate Server CA,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL 166 ; Issuer = CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB 165 ; Issuer = CN=Let's Encrypt Authority X1,O=Let's Encrypt,C=US 91 ; Issuer = CN=StartCom Class 2 Primary Intermediate Server CA,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL 90 ; Issuer = CN=Gandi Standard SSL CA 2,O=Gandi,L=Paris,ST=Paris,C=FR 81 ; Issuer = CN=StartCom Class 1 DV Server CA,OU=StartCom Certification Authority,O=StartCom Ltd.,C=IL 63 ; Issuer = CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US 62 ; Issuer = CN=RapidSSL SHA256 CA - G3,O=GeoTrust Inc.,C=US 38 ; Issuer = CN=WoSign CA Free SSL Certificate G2,O=WoSign CA Limited,C=CN 33 ; Issuer = CN=CAcert Class 3 Root,OU=http://www.CAcert.org,O=CAcert Inc. ( Note some of the MX hosts support many hundreds of domains, the above counts the issuer just once for each issued certificate, not once per domain served. ) -- Viktor.
