Valeri Galtsev wrote:
> On Wed, April 27, 2016 10:29 am, m.roth at 5-cent.us wrote:
>> Alice Wonder wrote:
>>> On 04/27/2016 01:21 AM, Brandon Vincent wrote:
>>>> On Wed, Apr 27, 2016 at 1:10 AM, Rob Kampen
>>>> <rkampen at kampensonline.com> wrote:
>>>>> Sounds good, but how many domain MX servers have set up these
>>>>> fingerprint keys - 1%, maybe 2%, so how do you code for that? I guess
>>>>> I'm thinking
>>>>> it uses it if available. So even if you do post it on your DNS, how
>>>>> many clients out there are using DANE on their set up? By the time it
>>>>> becomes more than a tiny % and generally useful, it will be in CentOS 8.
>>>>> It also requires certificates to be implemented more ubiquitously than
>>>>> at present - although we do now have affordable solutions, so this
>>>>> one may resolve more quickly.
>>>>
>>> Security and Privacy on the Internet are both severely broken.
>>>
>>> If you read the white papers from when the Internet was first being
>>> designed, security was rarely even mentioned.
<snip>
>> Just as a point of information, when those RFCs were written, the
>> Internet was *only* for US gov't, and selected research and educational
>> organizations, and NO ONE else. The open 'Net only came in in the
>> nineties - so security wasn't broken and insecure, back then there was physical
>> security and careful selection as to who was allowed on, at all.
>
> That is true, they had in mind resilience of communication net to portions
> of it brought down (implying some nasty thing like nuclear exchange). Real
> security though is not in restriction of those who can access something
> (like government only). Security experts often say: if a secret is known
> to two people it likely is not a secret anymore ;-(

Yup, which drives some governments and companies *nuts*...
but the original specs included the idea that "if you can find ANY way for
your packets to get through, even if three-quarters of all the computers
between me and you are now radioactive dust, you will get those packets
through".

mark