[anti-abuse-wg] IS3C public consultation on an alternative narrative to deploy Internet standards

On Mar 12, 2024, at 1:57 AM, Alessandro Vesely <vesely at tana.it> wrote:
> DNSSEC everywhere would make more sense than HTTPS everywhere, which instead won the hype.  

I figure enabling DNSSEC validation everywhere and signing what makes sense after doing a cost/benefit trade off would be the rational way to go.  As signing technologies get more mature, the cost goes down and even the marginal benefit of signing everything would be justified.

> Being sure to connect to the IP designated by the
> domain is essential, while encrypting every page of sites like, say,
> wikipedia is just wasting cycles.


As Randy points out, TLS also gives you authentication (as long as you trust the myriad CAs) and with more granularity than the IP address.

On wasting cycles, if you only encrypt the sensitive stuff, you give away the fact that you’re communicating sensitive stuff when you encrypt.

However, I suspect this isn’t particularly in the charter of this mailing list… 

Regards,
-drc
Partner/CTO, Layer 9 Technologies (layer9.tech <http://layer9.tech/>)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </ripe/mail/archives/anti-abuse-wg/attachments/20240312/590503d8/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 249 bytes
Desc: OpenPGP digital signature
URL: </ripe/mail/archives/anti-abuse-wg/attachments/20240312/590503d8/attachment.sig>