Am 18.01.2015 um 03:43 schrieb Kevin Kofler:
Reindl Harald wrote:in fact DNSSEC is the prerequisite for http://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities which has the potential to replace the horrible need of CA signed certificates for SSL which are in fact *completly* unrelieable because every random of the thousands entities your browsers trusts can sign any random domain certificateThe article also addresses (or claims to address) that, claiming that DANE only moves us from private cartel control to government control, which is not necessarily an improvement.
uhm they control it now toobut now every random idiot finding a CA not verify the request can get a valid cert for your domain trusted by every browser - DANE is reducing the circle of persons able to do this and that *is* an improvment
Attachment:
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
