While we're on the whole "make HTTPS secure" wave, might as well bring this
up:
https://bugzilla.wikimedia.org/show_bug.cgi?id=24413
DNSSEC is an authenticated method of retrieving DNS records, hence
disallowing attackers from providing fake IP address resolutions to
clients. Usually this doesn't mean much while using HTTPS, since you're
authenticating with TLS anyway, but I still think it'd be a good idea to
implement.
On a side note, there's also a proposed RFC called DANE, which basically
allows TLS certificate verification through DNSSEC (usually in addition to
CA verification). That is another thing we can consider.
*-- *
*Tyler Romeo*
Stevens Institute of Technology, Class of 2016
Major in Computer Science
www.whizkidztech.com | tylerromeo(a)gmail.com