After reading about CA compromises again and again, I am wondering: Is Mozilla actively working on a TLS public key checking system that has real trust agility (not DNSsec!) and that doesn't require CAs to work (but that can work in parallel with the CA system)?
Building Convergence into Firefox perhaps? (I'm aware that Convergence doesn't work in captive portals and that business incentives that'd result in a diverse high-availability network of notaries are unclear.) -- Henri Sivonen hsivo...@iki.fi http://hsivonen.iki.fi/ _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security