[145330] in North American Network Operators' Group
Re: Nxdomain redirect revenue
daemon@ATHENA.MIT.EDU (Brian Smith)
Tue Oct 4 15:54:28 2011
Date: Tue, 04 Oct 2011 15:54:14 -0400
From: Brian Smith <pingwin@gmail.com>
To: Jimmy Hess <mysidia@gmail.com>
In-Reply-To: <CAAAwwbX8LE7X1vNSr+=ZOWdRjgXxRUy=PaC_A21Vi46-H-EEgA@mail.gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
<snip>
On 09/27/2011 07:55 PM, Jimmy Hess wrote:
> the goal behind this would be integrity, not confidentiality. The
> objective of using SSL is not to strongly encrypt data to keep it
> secret, it's to apply whatever is necessary to provide a level of
> integrity assurance.
</snip>
If all you want is integrity then shouldn't you argue that every
computer should operate a DNSSEC validating recursive resolver on the
machine? After all that is the point of DNSSEC after all isn't it, the
validation of DNS records for endpoint authenticity.
Even still SNI isn't even widely supported by the major browsers as I
understand it.
just my 2c
