[145111] in North American Network Operators' Group
Re: Nxdomain redirect revenue
daemon@ATHENA.MIT.EDU (Rubens Kuhl)
Tue Sep 27 19:34:25 2011
In-Reply-To: <CAE4VuKFASMmaNnDexDfF_8YiEp8dmL6vE+4Y2Cmx3X38GqTtjA@mail.gmail.com>
Date: Tue, 27 Sep 2011 20:34:15 -0300
From: Rubens Kuhl <rubensk@gmail.com>
To: Nanog <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Tue, Sep 27, 2011 at 7:29 PM, David E. Smith <dave@mvn.net> wrote:
> On Tue, Sep 27, 2011 at 17:08, Jimmy Hess <mysidia@gmail.com> wrote:
>> That is, HTTPs should become assumed.
>
> As much as that would be wonderful from a security standpoint, IMO
> it's not realistic to expect every mom-and-pop posting a personal Web
> site to pay extra for a static/dedicated IP address from their hosting
> company (even if IPv6 were widely deployed, Web hosts probably would
> charge extra for this just on principle), and to pay extra for an SSL
> certificate, even a "weak" one that only verifies the domain name.
Self-signed certificates published thru DNSSEC using CAA/DANE can cost nothing.
(And somebody else pointed out SNI to have TLS work without exclusive
IP requirement)
Rubens
