While we're on the whole "make HTTPS secure" wave, might as well bring this up:

https://bugzilla.wikimedia.org/show_bug.cgi?id=24413

DNSSEC is an authenticated method of retrieving DNS records, hence disallowing attackers from providing fake IP address resolutions to clients. Usually this doesn't mean much while using HTTPS, since you're authenticating with TLS anyway, but I still think it'd be a good idea to implement.

On a side note, there's also a proposed RFC called DANE, which basically allows TLS certificate verification through DNSSEC (usually in addition to CA verification). That is another thing we can consider. *-- * *Tyler Romeo* Stevens Institute of Technology, Class of 2016 Major in Computer Science www.whizkidztech.com | tylerromeo@gmail.com