Nxdomain redirect revenue

Rubens Kuhl rubensk at gmail.com
Tue Sep 27 18:34:15 CDT 2011


On Tue, Sep 27, 2011 at 7:29 PM, David E. Smith <dave at mvn.net> wrote:
> On Tue, Sep 27, 2011 at 17:08, Jimmy Hess <mysidia at gmail.com> wrote:
>> That is, HTTPs should become assumed.
>
> As much as that would be wonderful from a security standpoint, IMO
> it's not realistic to expect every mom-and-pop posting a personal Web
> site to pay extra for a static/dedicated IP address from their hosting
> company (even if IPv6 were widely deployed, Web hosts probably would
> charge extra for this just on principle), and to pay extra for an SSL
> certificate, even a "weak" one that only verifies the domain name.

Self-signed certificates published thru DNSSEC using CAA/DANE can cost nothing.
(And somebody else pointed out SNI to have TLS work without exclusive
IP requirement)

Rubens



More information about the NANOG mailing list