Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 30 Apr 2013 21:18:52 +0200
From: Gregor Pintar <>
Subject: Re: High-priority library replacements?

2013/4/30, Nicolas Braud-Santoni <>:
> On 25/04/2013 08:43, Gregor Pintar wrote:
>> Hello.
>> [...]
>> I think best way is not to trust any certificate authority.
>> Maybe some certificate p2p protocol could be done?
> Hello,
> Are you aware of DANE (RFC6698, ?
> It is a RFC which suggests holding certificates fingerprints in special
> DNS records.
> Since DNSSEC allows us to establish trust of these records, this is a
> simple and robust alternative to CA-based trust models.
> However, and AFAIK, it doesn't cope with entities that aren't accessed
> through a hostname.
> Have a good day,
Thanks, I was not aware of it.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.