> On 28 May 2016, at 3:56 AM, McTim <[log in to unmask]> wrote:
> Or we
>> need to find out better why adoption levels are so low.
> 
> 
> This is a more productive path for NCSG to follow.
> 
> Adoption levels are low because it is hard.
> 
> There is little to no payoff AND it costs (some) money and involves real risks.
> 
> The benefits accrue mostly to others.
> 
> ICANN/ISOC/RIRs and other I*s have been trying to get people to "take
> their medicine" for years.
> 
> There is zero reason for NCSG to re-invent this particular wheel.

NCSG no. If the solution was in ICANN policy, then we’d be doing a lot better than we are, given that its an ICANN priority and so little has been achieved. 

Some of the NGOs in the digital rights space acting together outside NCSG? Perhaps. And ICANN is a convenient place to talk about that sort of initiative because many of the appropriate people are in the same space. 

>> 
>> Is this something we can bring up?
>> 
>> I think this is especially an issue for the NCSG because NGO's,
>> activists and individual users will greatly benefit from increased
>> trust, and more protection against DNS poisoining. With the enormous
>> success of Let's Encrypt (1 milltion certs distributed, covering >2.5
>> million domains) DNSSEC is the next logical step, and adoption is still
>> _very_ low.
> 
> 
> DANE is the next logical step post DNSSEC.  Let's Encrypt is cool tho.

	Yes, DANE is the logical next step. Lets Encrypt is awesome, but DANE and DNSSEC is where go next. 

	DANE and DNSSEC is a bit of a chicken and egg thing. Hardly anyone uses DANE because it needs DNSSEC, but DANE is one of the things that would provide a good reason for deploying DNSSEC if DANE was more widely used. 

	David

> 
> 
> -- 
> Cheers,
> 
> McTim
> "A name indicates what we seek. An address indicates where it is. A
> route indicates how we get there."  Jon Postel