Date: Tue, 30 Apr 2013 20:47:28 +0200 From: Nicolas Braud-Santoni <nicolas.braudsantoni@...il.com> To: musl@...ts.openwall.com Subject: Re: High-priority library replacements? On 25/04/2013 08:43, Gregor Pintar wrote: > Hello. > [...] > > I think best way is not to trust any certificate authority. > Maybe some certificate p2p protocol could be done? Hello, Are you aware of DANE (RFC6698, https://en.wikipedia.org/wiki/DANE) ? It is a RFC which suggests holding certificates fingerprints in special DNS records. Since DNSSEC allows us to establish trust of these records, this is a simple and robust alternative to CA-based trust models. However, and AFAIK, it doesn't cope with entities that aren't accessed through a hostname. Have a good day, Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.