Re: Question about DNS naming conventions

[Jack Bates <jbates () paradoxnetworks net>]

On 2/12/2025 8:15 AM, William Herrin wrote:
> And then of course there's the completely fair question of whether
> it's sensible to forcibly deprecate older security protocols when
> accessing information that's also offered over fully unencrypted
> channels. Confidentiality, Integrity AND Availability. Lotta wounds to
> availability from forced deprecation. Whole lot.
The software has no concept of what the data is and must provide the 
user the desired confidentiality and integrity, which unfortunately 
means forced deprecation and possible lack of Availability. This also 
applies to features such as HTTPS RRs in DNS that aren't always 
configured correctly and ECH prohibits fallback when it breaks; choosing 
security over availability.

I do wish browsers were better at explaining why something breaks, 
though. It's especially bad with embedded content where it just doesn't 
work and even dev tools might show "server disconnected prematurely" or 
something similar.

Jack