[145331] in North American Network Operators' Group
Re: Nxdomain redirect revenue
daemon@ATHENA.MIT.EDU (Brian Smith)
Tue Oct 4 15:55:34 2011
Date: Tue, 04 Oct 2011 15:55:22 -0400
From: Brian Smith <pingwin@gmail.com>
To: Rubens Kuhl <rubensk@gmail.com>
In-Reply-To: <CAGFn2k3wbhBxRxtKaOU8V8F4FmAZuqB59WQw_EGwwE=ekghrwA@mail.gmail.com>
Cc: Nanog <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
+1 to the use of CAA/DANE
-brian
On 09/27/2011 07:34 PM, Rubens Kuhl wrote:
> On Tue, Sep 27, 2011 at 7:29 PM, David E. Smith<dave@mvn.net> wrote:
>> On Tue, Sep 27, 2011 at 17:08, Jimmy Hess<mysidia@gmail.com> wrote:
>>> That is, HTTPs should become assumed.
>> As much as that would be wonderful from a security standpoint, IMO
>> it's not realistic to expect every mom-and-pop posting a personal Web
>> site to pay extra for a static/dedicated IP address from their hosting
>> company (even if IPv6 were widely deployed, Web hosts probably would
>> charge extra for this just on principle), and to pay extra for an SSL
>> certificate, even a "weak" one that only verifies the domain name.
> Self-signed certificates published thru DNSSEC using CAA/DANE can cost nothing.
> (And somebody else pointed out SNI to have TLS work without exclusive
> IP requirement)
>
> Rubens
>
