On 18/11/10 02:52, Kim Alvefur wrote:
> The thing I wanted to get at was to make it simpler for smaller
> deployments, like some friends' personal servers, to establish some
> measurement of trust between themselves, without all the bureaucracy
> that CAs bring.

Too bad DNSSEC is being deployed almost as slowly as IPv6. I do care about MITM attacks. But when you don't have any other choice...

I was thinking about DNSSEC and storing X.509 fingerprints in the DNS... That could destroy the need for an X.509 CA hierarchy.

You can actually do it now, with no DNSSEC, if you accept DNS is safe (current situation with dialbacks). Store the certificate fingerprint in a DNS record.

-- 
Jesus Cea Avion
[email protected] - http://www.jcea.es/
jabber / xmpp:[email protected]
"Things are not so easy"
"My name is Dump, Core Dump"
"Love is placing your happiness in the happiness of another" - Leibniz
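The fingerprint-in-DNS check proposed in the message above, sketched as an added example that is not part of the original post. The TXT record layout (`x509fp=sha256:<hex>`), all function names and the sample byte strings are assumptions made for illustration; the DNS lookup and TLS handshake are left out so the check runs offline.

```python
import hashlib

# Hypothetical TXT record layout, assumed for this example only.
PREFIX = "x509fp=sha256:"

def fingerprint(der: bytes) -> str:
    """Lower-case hex SHA-256 over the whole DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()

def make_record(der: bytes) -> str:
    """TXT value the server operator would publish for this certificate."""
    return PREFIX + fingerprint(der)

def parse_record(txt: str):
    """Return the normalized digest from one TXT value, or None if unusable."""
    txt = txt.strip().strip('"')
    if not txt.lower().startswith(PREFIX):
        return None  # unrelated TXT record at the same name
    digest = txt[len(PREFIX):].replace(":", "").replace(" ", "").lower()
    # Reject truncated or non-hex digests rather than comparing a prefix.
    if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
        return None
    return digest

def cert_matches_dns(der: bytes, txt_records) -> bool:
    """True only if the presented certificate matches a published fingerprint.

    Several records may coexist during a certificate rollover. No usable
    record means there is nothing to pin against, so the check fails closed.
    Without DNSSEC the records are only as trustworthy as the DNS path,
    which is the trade-off the message describes.
    """
    published = {d for d in map(parse_record, txt_records) if d}
    return fingerprint(der) in published

# Constructed stand-ins for DER certificates (not real X.509 data). In a real
# client the bytes would be the peer certificate taken from the TLS handshake.
SERVER_CERT = b"constructed-der-bytes-for-example-server"
ROGUE_CERT = b"constructed-der-bytes-for-a-different-key"

if __name__ == "__main__":
    records = ['"v=spf1 -all"', make_record(SERVER_CERT)]
    print("server cert accepted:", cert_matches_dns(SERVER_CERT, records))
    print("rogue cert accepted: ", cert_matches_dns(ROGUE_CERT, records))
```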
