[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Discuss] free SSL certs from the EFF
- Subject: [Discuss] free SSL certs from the EFF
- From: richard.pieri at gmail.com (Richard Pieri)
- Date: Mon, 24 Nov 2014 21:59:33 -0500
- In-reply-to: <54737E7C.firstname.lastname@example.org>
- References: <546C4823.email@example.com> <BN3PR0401MB1204BAB10AE6249C54E4E81BDC760@BN3PR0401MB1204.namprd04.prod.outlook.com> <54737E7C.firstname.lastname@example.org>
On 11/24/2014 1:52 PM, Matthew Gillen wrote: > What I would really like to see is a scheme adopted like SPF for mail: a > TXT DNS entry for your domain that has the CA (or a fingerprint for the > CA, or maybe the whole public cert). That way you can be unequivocal > about who the valid CA for your domain is. This doesn't solve the problem. All it does is shift your trust chain from a certificate authority to a DNS registrar. And maybe not that much if your DNS registrar is also your CA. -- Rich P.