alt Hacker NewsNo CA requires DNSSEC. Obviously they can't: almost nothing is signed. The only change "today" is that technically CAs are now required to honor DNSSEC, where they weren't before.
Replies
indolering • yesterday at 6:01 PM
Which is really unfortunate, since it's pretty easy to do.
➕ show 1 reply
I think the fact they don't require it shows it's moribund. If cert providers (or google with their big stick of chrome) specified it is required to have DNSSEC to get a certificate, everyone would jump in line and set it up because there'd be no other choice.