Date: Tue, 30 Apr 2013 20:47:28 +0200
From: Nicolas Braud-Santoni <>
Subject: Re: High-priority library replacements?

On 25/04/2013 08:43, Gregor Pintar wrote:
> Hello.
> [...]
> I think best way is not to trust any certificate authority.
> Maybe some certificate p2p protocol could be done?


Are you aware of DANE (RFC6698, ?
It is an RFC which suggests holding certificate fingerprints in special
DNS records.
Since DNSSEC allows us to establish trust of these records, this is a
simple and robust alternative to CA-based trust models.

However, and AFAIK, it doesn't cope with entities that aren't accessed
through a hostname.

Have a good day,
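
How a client could check a certificate against the TLSA records this message refers to, as an added example that is not part of the original post: it parses TLSA RDATA and applies the selector and matching type from RFC 6698, handling only certificate usage 3 (domain-issued certificate). The function names are hypothetical, DNSSEC validation is assumed to be done by the resolver and passed in as a flag, and the certificate bytes are constructed.

```python
import hashlib
import hmac

DIGESTS = {1: hashlib.sha256, 2: hashlib.sha512}  # matching types 1 and 2

def parse_tlsa(rdata: str):
    """Parse TLSA RDATA in presentation form: 'usage selector mtype hexdata'."""
    parts = rdata.split()
    if len(parts) < 4:
        raise ValueError("expected usage, selector, matching type and data")
    usage, selector, mtype = (int(p) for p in parts[:3])
    if usage not in (0, 1, 2, 3) or selector not in (0, 1) or mtype not in (0, 1, 2):
        raise ValueError("unknown TLSA field value")
    data = bytes.fromhex("".join(parts[3:]))  # zone files may split the hex
    if mtype in DIGESTS and len(data) != DIGESTS[mtype]().digest_size:
        raise ValueError("data length does not fit the matching type")
    return usage, selector, mtype, data

def tlsa_matches(rdata: str, cert_der: bytes, spki_der: bytes) -> bool:
    """Compare the presented certificate with one record's association data."""
    _usage, selector, mtype, data = parse_tlsa(rdata)
    selected = cert_der if selector == 0 else spki_der  # 0 = cert, 1 = SPKI
    if mtype in DIGESTS:
        selected = DIGESTS[mtype](selected).digest()
    return hmac.compare_digest(selected, data)

def dane_accepts(rrset, cert_der, spki_der, dnssec_validated: bool) -> bool:
    """Accept when a usage-3 record from a DNSSEC-validated RRset matches."""
    if not dnssec_validated:
        return False  # without DNSSEC the records carry no trust
    for rdata in rrset:
        try:
            if parse_tlsa(rdata)[0] == 3 and tlsa_matches(rdata, cert_der, spki_der):
                return True
        except ValueError:
            continue  # skip unusable records, keep checking the rest
    return False

if __name__ == "__main__":
    # Constructed stand-ins for DER bytes; a real client takes them from the handshake.
    cert, spki = b"constructed certificate DER", b"constructed SPKI DER"
    rrset = ["3 1 1 " + hashlib.sha256(spki).hexdigest()]
    print(dane_accepts(rrset, cert, spki, dnssec_validated=True))
    print(dane_accepts(rrset, cert, b"different key", dnssec_validated=True))
```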
