[145081] in North American Network Operators' Group
Re: Nxdomain redirect revenue
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Tue Sep 27 10:20:11 2011
To: Christopher Morrow <morrowc.lists@gmail.com>
In-Reply-To: Your message of "Tue, 27 Sep 2011 09:27:00 EDT."
<CAL9jLaaOdE3djf6UnYGwdBnuGRnQ3iMbc+QAMT4nYtKL5LDhdg@mail.gmail.com>
From: Valdis.Kletnieks@vt.edu
Date: Tue, 27 Sep 2011 10:19:35 -0400
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
--==_Exmh_1317133175_14307P
Content-Type: text/plain; charset=us-ascii
On Tue, 27 Sep 2011 09:27:00 EDT, Christopher Morrow said:
> On Tue, Sep 27, 2011 at 7:50 AM, Jimmy Hess <mysidia@gmail.com> wrote:
> > I would rather see DNSSEC and TLS/HTTPS get implemented end to end.
>
> how does tls/https help here? if you get sent to the 'wrong host'
> whether or not it does https/tls is irrelevant, no? (save the case of
> chrome and domain pinning)
Well, actually, Chrome-like domain pinning and/or using DNSSEC to verify the
provenance of an SSL cert is the whiole reason Jimmy probably wants DNSSEC and
TLS...Unless you do that sort of stuff, there's no way to *tell* if you ended
up at the wrong host...
--==_Exmh_1317133175_14307P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFOgdt3cC3lWbTT17ARAgZ7AKCJK3oQtZMoQ6Vr/OoTlk5Fj1JtnACg9FJZ
y4s921D7/jcpNxuAhFRCIbM=
=uICD
-----END PGP SIGNATURE-----
--==_Exmh_1317133175_14307P--
