• MajorHavoc@lemmy.world
    link
    fedilink
    arrow-up
    20
    ·
    1 year ago

    As someone knowledgeable on the subject, this was my journey:

    Mozilla: “While HTTPS encryts web page contents, many middlemen can still see the URL of the sites you visit.”

    Me: “Yes, we know this is a problem. It has been for a long time. But if you’re adding some kind of complex new solution, it’s going to cause issues for…”

    Mozilla: “We added public key encryption to DNS.”

    Me: “Oh shit, that’s really smart, and it’ll just work.”

    The brilliance of this move is public key encryption is old and widely supported and DNS is old and universally supported. I think we will see broad support roll out quickly on this one (at least compared to glacial scale of changes across the Internet.)

    • andrew@lemmy.stuart.fun
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      This should also be done for CA keys. If ACME can make DNS ownership the source of trust, just let me stuff my own root CA cert in a DNS record and skip the middle man.