[145750] in cryptography@c2.net mail archive
Re: towards https everywhere and strict transport security (was:
daemon@ATHENA.MIT.EDU (Paul Wouters)
Thu Aug 26 12:29:46 2010
Date: Thu, 26 Aug 2010 12:21:57 -0400 (EDT)
From: Paul Wouters <paul@xelerance.com>
To: dan@geer.org
cc: Anne & Lynn Wheeler <lynn@garlic.com>, cryptography@metzdowd.com
In-Reply-To: <20100826103819.6C63133F32@absinthe.tinho.net>
On Thu, 26 Aug 2010, dan@geer.org wrote:
> > as previously mentioned, somewhere back behind everything else ... there
> > is strong financial motivation in the sale of the SSL domain name digital
> > certificates.
> >
>
> While I am *not* arguing that point, per se, if having a
> better solution would require, or would have required, no
> more investment than the accumulated profits in the sale
> of SSL domain name certs, we could have solved this by now.
Currently, the IETF keyassure WG is working on specifying how to use DNS(SEC)
to put the certs in the DNS to avoid the entire CA authentication.
It seems to be deciding on certs (not raw keys/hashes) to simplify and re-use
the existing TLS based implementations (eg HTTPS)
Paul
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
