[CentOS] Apache/PHP Installation - opinions

Wed Apr 27 08:21:08 UTC 2016
Brandon Vincent <Brandon.Vincent at asu.edu>

On Wed, Apr 27, 2016 at 1:10 AM, Rob Kampen <rkampen at kampensonline.com> wrote:
> Sounds good, but how many domain MX servers have set up these fingerprint
> keys - 1%, maybe 2%, so how do you code for that? I guess I'm thinking it
> uses it if available. So even if you do post it on your DNS, how many
> clients out there are using DANE on their set up? By the time it becomes
> more than a tiny % and generally useful, it will be in CentOS 8. It also
> requires certificates to be implemented more ubiquitously than at present -
> although we do now have affordable solutions, so this one may resolve more
> quickly.

I hope my prior comments weren't too off topic but a lot of people
don't seem to understand the purpose for an enterprise distribution.

DANE is a perfect example of this. Go poll the SMTP servers for any
company on the S&P 500 and I can almost guarantee that 99.9% of them
will not have TLSA records for DANE. It's a new/emerging technology.
The same is true with DNSSEC (which is actually quite old).

Enterprises are typically behind in the technology they adopt.
Stability and reliability are paramount. This is where RHEL and CentOS
come in.

I know of a few companies listed on the S&P 500 who still have SSLv3
turned on to allow customers with old versions of Internet Explorer on
Windows XP to connect. You can't simply assume everyone is using the
latest technology.

This is the reason IBM loves System z.

Brandon Vincent