Hi folks,
I'm new to the I-D/RFC process so apologies for any naivety!
Firstly, I've done a quick search for any commentary around this but haven't
found anything specific - but let me know if I've likely missed something.
I want to propose a way for a user agent to trust self-signed certificates. Is
this best discussed here in TLS, or perhaps over at HTTP?
In essence, I'm proposing that user agents should trust a fully DNSSEC domain
with a TLS certificate set up using DANE, along with changes to CT log
submission process to allow self-signed certificates (looking to suggest via
rfc9162).
I've set up an example site and GitHub repo with more details:
- https://justselfsigned.org
- https://github.com/OllieJC/justselfsigned.org
It'd be great to get your thoughts and support to progress this.
Thanks,
Ollie
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls