• MajorHavoc@lemmy.world
      link
      fedilink
      arrow-up
      21
      ·
      1 year ago

      As someone knowledgeable on the subject, this was my journey:

      Mozilla: “While HTTPS encryts web page contents, many middlemen can still see the URL of the sites you visit.”

      Me: “Yes, we know this is a problem. It has been for a long time. But if you’re adding some kind of complex new solution, it’s going to cause issues for…”

      Mozilla: “We added public key encryption to DNS.”

      Me: “Oh shit, that’s really smart, and it’ll just work.”

      The brilliance of this move is public key encryption is old and widely supported and DNS is old and universally supported. I think we will see broad support roll out quickly on this one (at least compared to glacial scale of changes across the Internet.)

      • andrew@lemmy.stuart.fun
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        This should also be done for CA keys. If ACME can make DNS ownership the source of trust, just let me stuff my own root CA cert in a DNS record and skip the middle man.