[144441] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Why are we still using the CA model? (Re: Microsoft deems all

daemon@ATHENA.MIT.EDU (Martin Millnert)
Mon Sep 12 06:12:55 2011

In-Reply-To: <CAAAas8Fua4EbjwKs_wkrcyr1Y6TqXQYNOAC5VGANKmh3hNSfUA@mail.gmail.com>
Date: Mon, 12 Sep 2011 12:12:08 +0200
From: Martin Millnert <millnert@gmail.com>
To: Mike Jones <mike@mikejones.in>
Cc: NANOG mailing list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Mike,

On Sun, Sep 11, 2011 at 8:44 PM, Mike Jones <mike@mikejones.in> wrote:
> It will take a while to get updated browsers rolled out to enough
> users for it do be practical to start using DNS based self-signed
> certificated instead of CA-Signed certificates, so why don't any
> browsers have support yet? are any of them working on it?

Chrome v 14 works with DNS stapled certificates, sort of a hack. (
http://www.imperialviolet.org/2011/06/16/dnssecchrome.html )

There are other proposals/ideas out there, completely different to
DANE / DNSSEC, like http://perspectives-project.org/ /
http://convergence.io/ .

Regard,
Martin


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[144441] in North American Network Operators' Group

Re: Why are we still using the CA model? (Re: Microsoft deems all

daemon@ATHENA.MIT.EDU (Martin Millnert)Mon Sep 12 06:12:55 2011

daemon@ATHENA.MIT.EDU (Martin Millnert)
Mon Sep 12 06:12:55 2011