IMO Debian should push hard for DANE, enabling it in software that currently has code but chooses not to enable by default, applying patches that are stuck in limbo, that sort of thing.
For the commercial heavyweights there is no incentive to move on DANE unless/until we get another batch of popular press stories about the SSL CAs being crooked that make them look complicit. My assumption would be that new item #1 on the budget at Verisign after its last problems was not "internal audits" or "beefed up processes" but "Hire PR consultants to do damage control".
So the impetus has to come from Free Software.
Copyright © 2017, Eklektix, Inc.