Just a minor note on this paragraph:

On 07/07/2014 06:48 AM, Eliot Lear wrote:
> because HTTPS currently depends on X.509 keys, other
>> groups in the IETF world are already working to make HTTPS proof against
>> on-path surveillance. (google for "perfect forward secrecy" to learn
>> more), and others are working to defend the internet user population
>> against wildcard or targeted SSL certificates issued by governments and
>> other anti-secrecy agents with on-path capabilities.

TLS has this ciphersuite concept and allows you to use more than just X.509 certificates. As such, you have more freedom than you think (if you know what you want).

It would be funny if the precondition for using DANE would be to require a PKI as currently used on the Web...

Ciao
Hannes

PS: I don't think that the solution for addressing government surveillance is addressed by that proposal but it might solve other things.

_______________________________________________
Int-area mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/int-area
