[Discuss] free SSL certs from the EFF
Richard Pieri
richard.pieri at gmail.com
Mon Nov 24 21:59:33 EST 2014
On 11/24/2014 1:52 PM, Matthew Gillen wrote:
> What I would really like to see is a scheme adopted like SPF for mail: a
> TXT DNS entry for your domain that has the CA (or a fingerprint for the
> CA, or maybe the whole public cert). That way you can be unequivocal
> about who the valid CA for your domain is.
This doesn't solve the problem. All it does is shift your trust chain
from a certificate authority to a DNS registrar. And maybe not that much
if your DNS registrar is also your CA.
--
Rich P.
More information about the Discuss
mailing list