submitted 1 year ago by kixik@lemmy.ml to c/firefox@lemmy.ml
[-] End0fLine@startrek.website 28 points 1 year ago

I'm going to wait for someone more knowledgeable on this subject to come by and correct me, but this seems pretty cool to me.

[-] MajorHavoc@lemmy.world 21 points 1 year ago

As someone knowledgeable on the subject, this was my journey:

Mozilla: "While HTTPS encrypts web page contents, many middlemen can still see the URL of the sites you visit."

Me: "Yes, we know this is a problem. It has been for a long time. But if you're adding some kind of complex new solution, it's going to cause issues for..."

Mozilla: "We added public key encryption to DNS."

Me: "Oh shit, that's really smart, and it'll just work."

The brilliance of this move is public key encryption is old and widely supported and DNS is old and universally supported. I think we will see broad support roll out quickly on this one (at least compared to the glacial scale of changes across the Internet.)

[-] andrew@lemmy.stuart.fun 3 points 1 year ago

This should also be done for CA keys. If ACME can make DNS ownership the source of trust, just let me stuff my own root CA cert in a DNS record and skip the middle man.

this post was submitted on 05 Oct 2023
299 points (98.1% liked)
