Pretty sure that what he's referring to is called DANE. It lets a domain holder assert a certificate or key pair, using DNSSEC to bind it to the domain instead of PKIX (or in addition to PKIX).
https://tools.ietf.org/html/rfc6698

On Sep 21, 2014, at 8:01 AM, Anne van Kesteren <ann...@annevk.nl> wrote:

> On Sun, Sep 21, 2014 at 1:14 PM, Aryeh Gregor <a...@aryeh.name> wrote:
>> What happened to serving certs over DNSSEC? If browsers supported
>> that well, it seems it has enough deployment on TLDs and registrars to
>> be usable to a large fraction of sites.
>
> DNSSEC does not help with authentication of domains and establishing a
> secure communication channel as far as I know. Is there a particular
> proposal you are referring to?
>
>
> --
> https://annevankesteren.nl/
> _______________________________________________
> dev-platform mailing list
> dev-platform@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-platform
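
Added example, not part of the original message: a sketch of how a client checks a server certificate against an RFC 6698 TLSA record, and which certificate usages apply in addition to PKIX versus instead of it. The function names and the sample bytes are constructed for illustration, and the record is assumed to come from a DNSSEC-validated response.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Assumes the RRset was already DNSSEC-validated; an unsigned TLSA answer proves nothing.
# RFC 6698 certificate usage -> (name, PKIX path validation must also pass)
USAGES = {0: ("CA constraint", True), 1: ("service certificate constraint", True),
          2: ("trust anchor assertion", False), 3: ("domain-issued certificate", False)}
DIGESTS = {1: hashlib.sha256, 2: hashlib.sha512}  # matching type 0 = exact bytes

@dataclass(frozen=True)
class TLSA:
    usage: int
    selector: int   # 0 = full certificate, 1 = SubjectPublicKeyInfo
    mtype: int
    data: bytes

def tlsa_owner(host, port=443, proto="tcp"):
    """Name where the TLSA RRset lives, e.g. _443._tcp.example.com."""
    return f"_{port}._{proto}.{host.rstrip('.')}."

def parse_tlsa(rdata):
    """Parse presentation-format RDATA: usage selector mtype hex-data."""
    fields = rdata.split()
    if len(fields) < 4:
        raise ValueError("TLSA RDATA needs four fields")
    usage, selector, mtype = (int(f) for f in fields[:3])
    if usage not in USAGES or selector not in (0, 1) or mtype not in (0, 1, 2):
        raise ValueError("unsupported TLSA parameters")
    return TLSA(usage, selector, mtype, bytes.fromhex("".join(fields[3:])))

def matches(rec, cert_der, spki_der):
    """True if the server's certificate (or its public key) matches the record."""
    selected = cert_der if rec.selector == 0 else spki_der
    if rec.mtype in DIGESTS:
        selected = DIGESTS[rec.mtype](selected).digest()
    return hmac.compare_digest(selected, rec.data)

def pkix_also_required(rec):
    """Usages 0/1 add to PKIX; usages 2/3 replace the public CA check."""
    return USAGES[rec.usage][1]

# Constructed stand-ins for DER bytes; a real client takes them from the TLS handshake.
SAMPLE_CERT = b"constructed-certificate-der"
SAMPLE_SPKI = b"constructed-subject-public-key-info"
SAMPLE_RDATA = "3 1 1 " + hashlib.sha256(SAMPLE_SPKI).hexdigest()

if __name__ == "__main__":
    rec = parse_tlsa(SAMPLE_RDATA)
    print(tlsa_owner("example.com"), matches(rec, SAMPLE_CERT, SAMPLE_SPKI),
          pkix_also_required(rec))
```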