Message-ID: <518011C0.3060006@gmail.com>
Date: Tue, 30 Apr 2013 20:47:28 +0200
From: Nicolas Braud-Santoni <nicolas.braudsantoni@...il.com>
To: musl@...ts.openwall.com
Subject: Re: High-priority library replacements?
On 25/04/2013 08:43, Gregor Pintar wrote:
> Hello.
> [...]
>
> I think the best way is not to trust any certificate authority.
> Maybe some certificate p2p protocol could be done?
Hello,
Are you aware of DANE (RFC6698, https://en.wikipedia.org/wiki/DANE)?
It is an RFC which suggests holding certificate fingerprints in special
DNS records.
Since DNSSEC allows us to establish trust of these records, this is a
simple and robust alternative to CA-based trust models.
However, and AFAIK, it doesn't cope with entities that aren't accessed
through a hostname.
Have a good day,
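
Added example, not part of the original message: how a client checks a server certificate against a DANE TLSA record (RFC 6698 fields: usage, selector, matching type, association data). The function names and the sample "certificate" are constructed for illustration, and the record is assumed to have already been DNSSEC-validated by the resolver.

```python
import hashlib
import hmac
# Matching type field (RFC 6698): 0 = exact bytes, 1 = SHA-256, 2 = SHA-512.
DIGESTS = {0: bytes, 1: lambda d: hashlib.sha256(d).digest(),
           2: lambda d: hashlib.sha512(d).digest()}

def _tlv(buf, off):
    """Read one DER TLV at `off`; return (tag, value_start, value_end)."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    return tag, off, off + length

def spki_from_cert(cert_der):
    """Slice the DER SubjectPublicKeyInfo out of an X.509 certificate."""
    _, off, _ = _tlv(cert_der, 0)           # Certificate SEQUENCE
    _, off, _ = _tlv(cert_der, off)         # tbsCertificate SEQUENCE
    tag, _, after = _tlv(cert_der, off)
    if tag == 0xA0:                         # optional [0] version
        off = after
    for _ in range(5):                      # serial, sigalg, issuer, validity, subject
        _, _, off = _tlv(cert_der, off)
    _, _, end = _tlv(cert_der, off)
    return cert_der[off:end]

def parse_tlsa(rdata):
    """Parse 'usage selector mtype hex...' as written in a zone file."""
    usage, selector, mtype, *hexdata = rdata.split()
    usage, selector, mtype = int(usage), int(selector), int(mtype)
    if usage not in range(4) or selector not in (0, 1) or mtype not in DIGESTS:
        raise ValueError("unsupported TLSA parameters")
    return usage, selector, mtype, bytes.fromhex("".join(hexdata))

def tlsa_matches(rdata, cert_der):
    """True if cert_der matches the record; choosing the cert per usage is the caller's job."""
    _, selector, mtype, assoc = parse_tlsa(rdata)
    data = cert_der if selector == 0 else spki_from_cert(cert_der)
    return hmac.compare_digest(DIGESTS[mtype](data), assoc)

# Constructed sample: DER-shaped stand-in for a certificate, not a real one.
def _der(tag, body):
    return bytes([tag, len(body)]) + body   # short-form lengths only

SPKI = _der(0x30, b"constructed-public-key")
TBS = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01")
           + _der(0x30, b"") * 4 + SPKI)
CERT = _der(0x30, TBS + _der(0x30, b"") + _der(0x03, b"\x00"))
RECORD = "3 1 1 " + hashlib.sha256(SPKI).hexdigest()   # DANE-EE, SPKI, SHA-256
```

A record with selector 1 keeps matching when the certificate is reissued with the same key, whereas selector 0 pins the exact certificate.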