BLU Discuss list archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Discuss] free SSL certs from the EFF
- Subject: [Discuss] free SSL certs from the EFF
- From: richard.pieri at gmail.com (Richard Pieri)
- Date: Mon, 24 Nov 2014 21:59:33 -0500
- In-reply-to: <54737E7C.5040506@mattgillen.net>
- References: <546C4823.6060900@gmail.com> <BN3PR0401MB1204BAB10AE6249C54E4E81BDC760@BN3PR0401MB1204.namprd04.prod.outlook.com> <54737E7C.5040506@mattgillen.net>
On 11/24/2014 1:52 PM, Matthew Gillen wrote: > What I would really like to see is a scheme adopted like SPF for mail: a > TXT DNS entry for your domain that has the CA (or a fingerprint for the > CA, or maybe the whole public cert). That way you can be unequivocal > about who the valid CA for your domain is. This doesn't solve the problem. All it does is shift your trust chain from a certificate authority to a DNS registrar. And maybe not that much if your DNS registrar is also your CA. -- Rich P.
- References:
- [Discuss] free SSL certs from the EFF
- From: tmetro+blu at gmail.com (Tom Metro)
- [Discuss] free SSL certs from the EFF
- From: blu at nedharvey.com (Edward Ned Harvey (blu))
- [Discuss] free SSL certs from the EFF
- From: me at mattgillen.net (Matthew Gillen)
- [Discuss] free SSL certs from the EFF
- Prev by Date: [Discuss] root CA bloat
- Next by Date: [Discuss] free SSL certs from the EFF
- Previous by thread: [Discuss] free SSL certs from the EFF
- Next by thread: [Discuss] free SSL certs from the EFF
- Index(es):