
A Longitudinal, End-To-End View of the DNSSEC Ecosystem - pjf
https://www.usenix.org/node/203653
======
pjf
An excerpt from abstract:

"Our investigation reveals pervasive mismanagement of the DNSSEC
infrastructure. For example, we found that 31% of domains that support DNSSEC
fail to publish all relevant records required for validation; 39% of the
domains use insufficiently strong key-signing keys; and although 82% of
resolvers in our study request DNSSEC records, only 12% of them actually
attempt to validate them. These results highlight systemic problems, which
motivate improved automation and auditing of DNSSEC management."

