Nxdomain redirect revenue

Brian Smith pingwin at gmail.com
Tue Oct 4 14:55:22 CDT 2011


+1 to the use of CAA/DANE

-brian


On 09/27/2011 07:34 PM, Rubens Kuhl wrote:
> On Tue, Sep 27, 2011 at 7:29 PM, David E. Smith<dave at mvn.net>  wrote:
>> On Tue, Sep 27, 2011 at 17:08, Jimmy Hess<mysidia at gmail.com>  wrote:
>>> That is, HTTPs should become assumed.
>> As much as that would be wonderful from a security standpoint, IMO
>> it's not realistic to expect every mom-and-pop posting a personal Web
>> site to pay extra for a static/dedicated IP address from their hosting
>> company (even if IPv6 were widely deployed, Web hosts probably would
>> charge extra for this just on principle), and to pay extra for an SSL
>> certificate, even a "weak" one that only verifies the domain name.
> Self-signed certificates published thru DNSSEC using CAA/DANE can cost nothing.
> (And somebody else pointed out SNI to have TLS work without exclusive
> IP requirement)
>
> Rubens
>



More information about the NANOG mailing list