I am also not sure about the question, but I would say this: you should
probably consider using DANE [1] records to enable users to secure TLS
connections to your GNS-resolved sites. GNUnet's GNS-enabled socks proxy
validates TLS server certificates against DANE records in GNS, and
gnunet-namestore-gtk can help you create DANE records.
[1] https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities
On 12/3/23 22:04, Schanzenbach, Martin wrote:
I'm sorry I do not understand the question. How does any of this relate
to GNS?
Best
Martin
On 03.12.23 09:56, [email protected] wrote:
I almost forget to mention that there is a possible issue with URL
https://IPv4_IP_address and https://[IPv6_IP_address]. SSL
certification, at least for the domain name, will not cover https://
protocol and IP address combinations. Are insecure URL
https://IPv4_IP_address and https://[IPv6_IP_address considered
possible man-in-the-middle attack vulnerabilities?
--
Sincerely,
[email protected]
