[afnog] SSL/TLS certs

Randy Bush randy at psg.com
Wed Jun 8 20:55:03 UTC 2016


> why not implement DNSSEC and DANE :)

one should.  if you read the letsencrypt community list, you will see
that i am the one who posted how to combine them

    https://community.letsencrypt.org/t/making-a-dane-tlsa-to-work-with-le/2129

but dane has even less deployment than dnssec, and folk should be using
https on all web sites, smtp, ....  and it is widely deployed and easy.
so a nice free letsencrypt cert is great!

>> the solution is not to purchase ssl certs.  thanks to a very cool
>> community (eff, google, mozilla, ...) effort, you can get them for
>> free.
>>    https://letsencrypt.org/

randy



More information about the afnog mailing list