Date: Tue, 30 Apr 2013 21:18:52 +0200 From: Gregor Pintar <grpintar@...il.com> To: musl@...ts.openwall.com Subject: Re: High-priority library replacements? 2013/4/30, Nicolas Braud-Santoni <nicolas.braudsantoni@...il.com>: > On 25/04/2013 08:43, Gregor Pintar wrote: >> Hello. >> [...] >> >> I think best way is not to trust any certificate authority. >> Maybe some certificate p2p protocol could be done? > > Hello, > > Are you aware of DANE (RFC6698, https://en.wikipedia.org/wiki/DANE) ? > It is a RFC which suggests holding certificates fingerprints in special > DNS records. > Since DNSSEC allows us to establish trust of these records, this is a > simple and robust alternative to CA-based trust models. > > However, and AFAIK, it doesn't cope with entities that aren't accessed > through a hostname. > > > Have a good day, > > Thanks, I was not aware of it.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.