On 5 August 2011 22:07, Daniel Kahn Gillmor <[email protected]> wrote:
> On 08/05/2011 04:01 PM, Melvin Carvalho wrote:
>
>> In general it would be fair to say WebID has a dependency on DNS but
>> so does email. In both systems there are cases where you can
>> work without DNS.
>>
>> Unsure of the supposed dependency of the CA Cartel, given that
>> certificates are self signed. Perhaps I'm missing something, tho.
>
> Barring a functional DNSSEC+DANE implementation (which no one seems to
> have running in the real world yet to my knowledge), there is a
> dependency on the CA Cartel to verify the certificates of the web
> servers involved.
>
> I'm assuming, of course, that the web servers use HTTPS; otherwise, a
> network attacker could simply hijack the connections to the server directly.

DNSSEC/DANE would be nice for the future, but it's not the only solution right now.

You can self-sign web server certs. This is what I do. In fact I think the apache2 conf in Debian comes with such an SSL setup out of the box.

Of course some browsers may throw a warning that you can click through, but there are options even in that case, such as using the Perspectives project
http://perspectives-project.org/

Another option is to use the CA cartel to get a free cert, if you prefer. This works
http://www.startssl.com/?app=1

>
> --dkg

_______________________________________________
Freedombox-discuss mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
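
The reply above suggests notary-style checking as an alternative to clicking through a self-signed certificate warning. The following is an added example, not code from this thread or from the Perspectives project: it models the idea of accepting a certificate only when enough independent vantage points have recently and consistently seen the same one. The report format, thresholds, notary names and certificate bytes are all assumptions constructed for illustration.

```python
import hashlib
from datetime import date

def fingerprint(der_bytes: bytes) -> str:
    """Hex SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der_bytes).hexdigest()

def notary_vouches(spans, seen_fp, today, min_days=7, max_stale=2):
    """spans: list of (fingerprint, first_seen, last_seen) recorded by one notary.
    The notary vouches only if its most recent span matches the certificate the
    client received, is fresh, and has been stable for at least min_days."""
    if not spans:
        return False
    fp, first, last = max(spans, key=lambda s: s[2])  # most recent observation span
    fresh = (today - last).days <= max_stale
    stable = (last - first).days >= min_days
    return fp == seen_fp and fresh and stable

def accept_certificate(der_bytes, reports, today, quorum=0.75):
    """Accept when at least `quorum` of the notaries vouch for the certificate."""
    seen = fingerprint(der_bytes)
    votes = sum(notary_vouches(s, seen, today) for s in reports.values())
    return bool(reports) and votes / len(reports) >= quorum

# Constructed sample data: placeholder bytes stand in for real DER certificates.
SERVER_CERT = b"constructed-self-signed-cert-der"
SUBSTITUTED_CERT = b"constructed-substituted-cert-der"  # what a hijacked path would present
GOOD = fingerprint(SERVER_CERT)
OLD = fingerprint(b"constructed-previous-cert-der")
TODAY = date(2011, 8, 5)

REPORTS = {
    "notary-a": [(GOOD, date(2011, 7, 1), date(2011, 8, 5))],
    "notary-b": [(GOOD, date(2011, 6, 20), date(2011, 8, 4))],
    "notary-c": [(GOOD, date(2011, 7, 10), date(2011, 8, 5))],
    # This notary only started seeing the current key two days ago: not yet stable.
    "notary-d": [(OLD, date(2011, 5, 1), date(2011, 7, 9)),
                 (GOOD, date(2011, 8, 3), date(2011, 8, 5))],
}

if __name__ == "__main__":
    print("server cert accepted:", accept_certificate(SERVER_CERT, REPORTS, TODAY))
    print("substituted cert accepted:", accept_certificate(SUBSTITUTED_CERT, REPORTS, TODAY))
```

A certificate seen only on the client's own network path gets no votes, which is the case a plain click-through warning cannot distinguish from a legitimate self-signed certificate.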
