<div dir="ltr">+1 Randy</div><div class="gmail_extra"><br><div class="gmail_quote">2016-06-08 22:55 GMT+02:00 Randy Bush <span dir="ltr"><<a href="mailto:randy@psg.com" target="_blank">randy@psg.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">> why not implement DNSSEC and DANE :)<br>
<br>
</span>one should.  if you read the letsencrypt community list, you will see<br>
that i am the one who posted how to combine them<br>
<br>
    <a href="https://community.letsencrypt.org/t/making-a-dane-tlsa-to-work-with-le/2129" rel="noreferrer" target="_blank">https://community.letsencrypt.org/t/making-a-dane-tlsa-to-work-with-le/2129</a><br>
<br>
but dane has even less deployment than dnssec, and folk should be using<br>
https on all web sites, smtp, ....  and it is widely deployed and easy.<br>
so a nice free letsencrypt cert is great!<br>
<div class="HOEnZb"><div class="h5"><br>
>> the solution is not to purchase ssl certs.  thanks to a very cool<br>
>> community (eff, google, mozilla, ...) effort, you can get them for<br>
>> free.<br>
>>    <a href="https://letsencrypt.org/" rel="noreferrer" target="_blank">https://letsencrypt.org/</a><br>
<br>
randy<br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><p><span style="font-family:arial,helvetica,sans-serif"><b><font color="#333333">BIAOU Ramanou</font></b></span><br><font color="#9999ff">----------------------------------------------------------------------------------------------------------------<br></font><a href="http://www.biaou.net" style="font-size:x-small" target="_blank">www.biaou.net</a><br><span style="color:rgb(153,153,255)">----------------------------------------------------------------------------------------------------------------</span></p></div></div>
</div>