Quite old, but still interesting video from DefCon19 about CAs, DNSSEC and
that Convergence project as one of the possible solutions.
https://www.youtube.com/watch?v=pDmj_xe7EIQ
On Thu, Sep 3, 2015 at 8:59 PM, Kim Alvefur wrote:
> On 2015-09-03 20:31, Evgeny Khramtsov wrote:
> > Thu, 3 Sep 2015
On 2015-09-03 20:31, Evgeny Khramtsov wrote:
> Thu, 3 Sep 2015 20:25:27 +0200
> Kim Alvefur wrote:
>
>> But seriously, DANE works already¹, why haven't you deployed it
>> yet? :)
>
> That's not true. In some national domains there is no dnssec support.
> So DANE works in some countries only.
>
Thu, 3 Sep 2015 20:25:27 +0200
Kim Alvefur wrote:
> But seriously, DANE works already¹, why haven't you deployed it
> yet? :)
That's not true. In some national domains there is no dnssec support.
So DANE works in some countries only.
> This are the things that "Let's encrypt" i hope that solve quickly.
> DANE would solve this problem. And since it is DNS based it would be
> easy to implement.
No, $my_favorite_tech will solve all our problems, once everyone deploys it!
But seriously, DANE works already¹, why haven't you depl
On 09/03/2015 12:19 PM, Peter Viskup wrote:
> we know there still are issues with CA-signed and self-signed
> certificates. Self-signed certificate was the main reason for not
> accepting our server into the list of public XMPP server.
> From my perspective it would be great to implement XEP simil
This are the things that "Let's encrypt" i hope that solve quickly.
El 03/09/15 a las 11:19, Peter Viskup escribió:
> Hi all,
> we know there still are issues with CA-signed and self-signed
> certificates. Self-signed certificate was the main reason for not
> accepting our server into the list of
Notaries are CAs, except that a CA validation might potentially be
something beyond TOFU, and the assertion lifetime is well-defined. On the
other hand, the CA is picked by the service.
There's a number of approaches to identity validation given an X.509
certificate chain. Not all of them are vali
Hi all,
we know there still are issues with CA-signed and self-signed certificates.
Self-signed certificate was the main reason for not accepting our server
into the list of public XMPP server.
>From my perspective it would be great to implement XEP similar to
Convergence [1]. That could solve at l