[gnso-rds-pdp-wg] On whether domain name registrants need certificates

Andrew Sullivan ajs at anvilwalrusden.com
Thu Feb 15 20:20:24 UTC 2018


Hi,

In attempting to catch up for this week's poll, I noticed that some
participants were doubting whether certificates associated with domain
names are a universal need.

They are not, of course, but they appear poised to get quite a bit
more necessary.  Google has already announced that Chrome is going to
start marking sites that don't support TLS (i.e. are http as opposed
to https) as "insecure", inverting the "green lock" thing that many
people are now used to.  Mozilla has previously talked about this,
though they haven't committed yet.

Now, note that many of the certificates in question will be Let's
Encrypt, ACME-based certs and therefore will probably not depend on
RDS.  Of course, that's partly because the IETF ACME WG isn't using
whois today because it's awful.  If there were ways reliably to
automate the check, maybe the Let's Encrypt certs would provide
marginally higher assurance than they do today, which is just the DV
(domain validation) level.

I will note that I use LE certificates (for instance, on the
mailserver sending this mail) and think they are dandy.  Not everyone
agrees.

Best regards,

A

-- 
Andrew Sullivan
ajs at anvilwalrusden.com

