More like Bad news: you have to find somewhere else to connect to the net if you're going to get fired for not doing so.
-----Original Message----- From: discuss-bounces+joe=polcari....@blu.org [mailto:discuss-bounces+joe=polcari....@blu.org] On Behalf Of Richard Pieri Sent: Thursday, December 04, 2014 1:01 PM To: discuss@blu.org Subject: Re: [Discuss] free SSL certs from the EFF On 12/4/2014 12:15 PM, Joe Polcari wrote: > To me, that's a good reason for things to stop working. For certain values of "good" I suppose. Good news: your email wasn't hacked. Bad news: you're fired for failing to submit your reports on time. On 12/4/2014 12:36 PM, John Hall wrote: > I had not heard of DANE (DNS based authentication of named > entities). I found found rfc-6698 in a search .. not sure if anyone > mentioned it yet. > https://datatracker.ietf.org/doc/rfc6698/ I think Firefox 34 takes note of it. It's a digital signature from a host's TLS key added to that host's DNS records which you can use instead of following the X.509 trust chain to verify the certificate. Which is to say, it shifts trust away from certificate authorities like VeriSign to top-level DNS registrars like VeriSign. And it has the same failure modes and lack of failure mitigation that DNSSEC has. -- Rich P. _______________________________________________ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss _______________________________________________ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
