Nxdomain redirect revenue

David E. Smith dave at mvn.net
Tue Sep 27 22:29:36 UTC 2011

On Tue, Sep 27, 2011 at 17:08, Jimmy Hess <mysidia at gmail.com> wrote:
> That is, HTTPs should become assumed.

As much as that would be wonderful from a security standpoint, IMO
it's not realistic to expect every mom-and-pop posting a personal Web
site to pay extra for a static/dedicated IP address from their hosting
company (even if IPv6 were widely deployed, Web hosts probably would
charge extra for this just on principle), and to pay extra for an SSL
certificate, even a "weak" one that only verifies the domain name.

If a given Web site's developers think their content is "important"
(however they define the term), they certainly can add SSL to the
site; in the grand scheme of things the cost is pretty small. But
assuming everyone can/should do this is probably a step too far.

That said, there's nothing wrong with browser extensions that try
HTTPS first, and I'd wager that sooner or later one of the big
browsers will make that a built-in option.

David Smith

More information about the NANOG mailing list