this post was submitted on 05 Oct 2023
300 points (98.1% liked)

Firefox

A place to discuss the news and latest developments on the open-source browser Firefox

[–] [email protected] 21 points 1 year ago (1 children)

As someone knowledgeable on the subject, this was my journey:

Mozilla: "While HTTPS encrypts web page contents, many middlemen can still see the URL of the sites you visit."

Me: "Yes, we know this is a problem. It has been for a long time. But if you're adding some kind of complex new solution, it's going to cause issues for..."

Mozilla: "We added public key encryption to DNS."

Me: "Oh shit, that's really smart, and it'll just work."

The brilliance of this move is that public key encryption is old and widely supported and DNS is old and universally supported. I think we will see broad support roll out quickly on this one (at least compared to the glacial scale of changes across the Internet).

[–] [email protected] 3 points 1 year ago

This should also be done for CA keys. If ACME can make DNS ownership the source of trust, just let me stuff my own root CA cert in a DNS record and skip the middleman.