[Discuss] free SSL certs from the EFF
Joe Polcari
Joe at Polcari.com
Thu Dec 4 13:25:27 EST 2014
More like Bad news: you have to find somewhere else to connect to the net if
you're going to get fired for not doing so.
-----Original Message-----
From: discuss-bounces+joe=polcari.com at blu.org
[mailto:discuss-bounces+joe=polcari.com at blu.org] On Behalf Of Richard Pieri
Sent: Thursday, December 04, 2014 1:01 PM
To: discuss at blu.org
Subject: Re: [Discuss] free SSL certs from the EFF
On 12/4/2014 12:15 PM, Joe Polcari wrote:
> To me, that's a good reason for things to stop working.
For certain values of "good" I suppose.
Good news: your email wasn't hacked.
Bad news: you're fired for failing to submit your reports on time.
On 12/4/2014 12:36 PM, John Hall wrote:
> I had not heard of DANE (DNS based authentication of named
> entities). I found found rfc-6698 in a search .. not sure if anyone
> mentioned it yet.
> https://datatracker.ietf.org/doc/rfc6698/
I think Firefox 34 takes note of it. It's a digital signature from a
host's TLS key added to that host's DNS records which you can use
instead of following the X.509 trust chain to verify the certificate.
Which is to say, it shifts trust away from certificate authorities like
VeriSign to top-level DNS registrars like VeriSign.
And it has the same failure modes and lack of failure mitigation that
DNSSEC has.
--
Rich P.
_______________________________________________
Discuss mailing list
Discuss at blu.org
http://lists.blu.org/mailman/listinfo/discuss
More information about the Discuss
mailing list