[anti-abuse-wg] IS3C public consultation on an alternative narrative to deploy Internet standards
- Previous message (by thread): [anti-abuse-wg] IS3C public consultation on an alternative narrative to deploy Internet standards
- Next message (by thread): [anti-abuse-wg] IS3C public consultation on an alternative narrative to deploy Internet standards
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Alessandro Vesely
vesely at tana.it
Tue Mar 12 19:17:33 CET 2024
On Tue 12/Mar/2024 17:24:08 +0100 David Conrad wrote: > On Mar 12, 2024, at 1:57 AM, Alessandro Vesely <vesely at tana.it> wrote: >> DNSSEC everywhere would make more sense than HTTPS everywhere, which instead >> won the hype. > > I figure enabling DNSSEC validation everywhere and signing what makes sense > after doing a cost/benefit trade off would be the rational way to go. As > signing technologies get more mature, the cost goes down and even the marginal > benefit of signing everything would be justified. Right, and I'd guess the number of operators involved in switching to DNSSEC is less than that for HTTPS. >> Being sure to connect to the IP designated by the >> domain is essential, while encrypting every page of sites like, say, >> wikipedia is just wasting cycles. > > As Randy points out, TLS also gives you authentication (as long as you trust > the myriad CAs) and with more granularity than the IP address. Right, and let's note that the chain of trust is hierarchical for DNSSEC, which makes for a clear cut PKI. HTTPS certificate are based on browser/ system/ distro/ user policy choices, a rather hazy infrastructure. > On wasting cycles, if you only encrypt the sensitive stuff, you give away the > fact that you’re communicating sensitive stuff when you encrypt. > > However, I suspect this isn’t particularly in the charter of this mailing list… Well, the OP topic is DNSSEC and _Resource_ Public Key Infrastructure (RPKI), which is similar in principle to the domain based hierarchy of DNSSEC. Best Ale --
- Previous message (by thread): [anti-abuse-wg] IS3C public consultation on an alternative narrative to deploy Internet standards
- Next message (by thread): [anti-abuse-wg] IS3C public consultation on an alternative narrative to deploy Internet standards
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]