Subject: RE: DANE, was A Deep Dive on the Recent Widespread DNS Hijacking
Date: Wed, Feb 27, 2019 at 10:17:22AM -0500
Quoting Eric Tykwinski (eric-list@truenet.com):
Nah, you know, that won't happen any time soon. Mozilla is busy doing other, more important things, like streaming all of the users' DNS queries to Cloudflare, etc. The plain old security doesn't count anymore.
-- Töma
This was sort of discussed a while ago: Adam Langley: https://www.imperialviolet.org/2015/01/17/notdane.html
Calling TXT or DANE non-standard is a remarkable statement. Smells of the deeply flawed reasoning that brought us the festering pile of defeatism that is RFC 7208.[0]

As I wrote a few messages upthread, the user can not expect the network to be trustworthy, and still, we who run the network would very much like their business. So, what we must constantly strive for is maximum transparency, carrying as much of the Internet experience, good or bad, to the end user.

Or, more terse: "Middleboxes are bad for you."

-- Måns Nilsson primary/secondary/besserwisser/machina
MN-1334-RIPE SA0XLR +46 705 989668
I demand IMPUNITY!

[0] This document tries to deprecate RRTYPE 99 for SPF. By stating that only TXT records can be trusted. Apparently, it is possible to decide on the fly which RRtypes are possible to query for, depending on the argument.