As discussed in bug #508554, publishing TLSA records (for smtp and http) will result in better security.

To summarize:

- DNSSEC: a man-in-the-middle hardened means of publishing DNS data.
- DANE: an IETF working group to develop standards for using DNSSEC to publish authentication information (public keys and the like) that binds DNS names to corresponding credentials.
  http://datatracker.ietf.org/wg/dane/charter/
- TLSA: one of the DNS record types developed by the DANE working group that publishes TLS server keys in DNS. TLSA records are defined in RFC 6698.
  http://tools.ietf.org/html/rfc6698
  http://datatracker.ietf.org/doc/rfc6698/

gentoo.org supports DNSSEC but not DANE. The hard part (DNSSEC) is already done. Please consider publishing TLSA records for gentoo.org.

*** This bug has been marked as a duplicate of bug 502372 ***
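
How a published TLSA record is built and checked under RFC 6698, as an added example that is not part of the original bug report: it covers the DANE-EE / SPKI / SHA-256 ("3 1 1") association and rejects malformed records. The host name, port and the certificate and key byte strings are constructed placeholders; extracting the real DER bytes from a TLS handshake is assumed to be done by an X.509 library.

```python
import hashlib
import hmac

USAGES = {0: "PKIX-TA", 1: "PKIX-EE", 2: "DANE-TA", 3: "DANE-EE"}
MATCHERS = {0: None, 1: hashlib.sha256, 2: hashlib.sha512}  # 0 = exact match

def tlsa_owner(host, port, proto="tcp"):
    """Owner name of the TLSA RRset for a service, e.g. _25._tcp.host."""
    return f"_{port}._{proto}.{host.rstrip('.')}."

def association_data(selector, mtype, cert_der, spki_der):
    """Selector 0 covers the whole certificate, 1 only its SubjectPublicKeyInfo."""
    selected = cert_der if selector == 0 else spki_der
    digest = MATCHERS[mtype]
    return selected if digest is None else digest(selected).digest()

def make_tlsa(usage, selector, mtype, cert_der, spki_der):
    """Presentation-format RDATA the zone owner would publish."""
    data = association_data(selector, mtype, cert_der, spki_der)
    return f"{usage} {selector} {mtype} {data.hex()}"

def parse_tlsa(rdata):
    """Parse 'usage selector mtype hex...' and reject malformed records."""
    fields = rdata.split()
    if len(fields) < 4:
        raise ValueError("TLSA RDATA needs four fields")
    usage, selector, mtype = (int(f) for f in fields[:3])
    if usage not in USAGES or selector not in (0, 1) or mtype not in MATCHERS:
        raise ValueError("unsupported TLSA parameters")
    data = bytes.fromhex("".join(fields[3:]))  # hex may be split by whitespace
    digest = MATCHERS[mtype]
    if digest is not None and len(data) != digest().digest_size:
        raise ValueError("digest length does not fit the matching type")
    return usage, selector, mtype, data

def tlsa_matches(rdata, cert_der, spki_der):
    """Compare only the association data; usages 0-2 also need chain checks."""
    _usage, selector, mtype, data = parse_tlsa(rdata)
    candidate = association_data(selector, mtype, cert_der, spki_der)
    return hmac.compare_digest(candidate, data)

# Constructed placeholders standing in for real DER bytes (assumption).
CERT = b"constructed-certificate-der"
SPKI = b"constructed-subject-public-key-info-der"

if __name__ == "__main__":
    record = make_tlsa(3, 1, 1, CERT, SPKI)
    print(tlsa_owner("mail.example.org", 25), "IN TLSA", record)
    print("served key matches:", tlsa_matches(record, CERT, SPKI))
    print("substituted key matches:", tlsa_matches(record, CERT, b"other-key"))
```

A client may rely on the result only when the TLSA answer itself validated under DNSSEC.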