On Tue, Sep 27, 2011 at 7:29 PM, David E. Smith <d...@mvn.net> wrote: > On Tue, Sep 27, 2011 at 17:08, Jimmy Hess <mysi...@gmail.com> wrote: >> That is, HTTPs should become assumed. > > As much as that would be wonderful from a security standpoint, IMO > it's not realistic to expect every mom-and-pop posting a personal Web > site to pay extra for a static/dedicated IP address from their hosting > company (even if IPv6 were widely deployed, Web hosts probably would > charge extra for this just on principle), and to pay extra for an SSL > certificate, even a "weak" one that only verifies the domain name.
Self-signed certificates published thru DNSSEC using CAA/DANE can cost nothing. (And somebody else pointed out SNI to have TLS work without exclusive IP requirement) Rubens
