Mozilla: Deprecating Non-Secure HTTP

Posted May 13, 2015 15:57 UTC (Wed) by gerv (guest, #3376)
In reply to: Mozilla: Deprecating Non-Secure HTTP by flussence
Parent article: Mozilla: Deprecating Non-Secure HTTP

I think you may be waiting a while - Adam Langley of Chrome on DANE: https://www.imperialviolet.org/2015/01/17/notdane.html . And I believe our team at Mozilla has similar feelings.

Gerv

Mozilla: Deprecating Non-Secure HTTP

Posted May 13, 2015 16:36 UTC (Wed) by Lennie (subscriber, #49641) [Link] (1 responses)

Part of that blog post is already outdated:

"DNSSEC, however, is littered with 1024-bit RSA." ... "The RFC suggests that 1024-bit RSA is good for “most zones” until 2022."

Funny little fact about that is that 80% of currently deployed DNSSEC-validating resolvers supports the newer/beter/more secure ECDSA. That was 66% in Sept. last year:

https://ripe70.ripe.net/archives/video/40/

And Cloudflare will be deploying with DNSSEC with ECDSA this year for their domains. So, pretty sure that last 20% is going to melt away pretty fast too.

Mozilla: Deprecating Non-Secure HTTP

Posted May 13, 2015 20:23 UTC (Wed) by gerv (guest, #3376) [Link]

One of the trees may have fallen over, but there's still pretty much a whole wood left...