Re: Nxdomain redirect revenue

[Brian Smith <pingwin () gmail com>]

+1 to the use of CAA/DANE

-brian


On 09/27/2011 07:34 PM, Rubens Kuhl wrote:
> On Tue, Sep 27, 2011 at 7:29 PM, David E. Smith<dave () mvn net>  wrote:
> > On Tue, Sep 27, 2011 at 17:08, Jimmy Hess<mysidia () gmail com>  wrote:
> > > That is, HTTPs should become assumed.
> > As much as that would be wonderful from a security standpoint, IMO
> > it's not realistic to expect every mom-and-pop posting a personal Web
> > site to pay extra for a static/dedicated IP address from their hosting
> > company (even if IPv6 were widely deployed, Web hosts probably would
> > charge extra for this just on principle), and to pay extra for an SSL
> > certificate, even a "weak" one that only verifies the domain name.
> Self-signed certificates published thru DNSSEC using CAA/DANE can cost nothing.
> (And somebody else pointed out SNI to have TLS work without exclusive
> IP requirement)
>
> Rubens