towards https everywhere and strict transport security (was: Has there been a change in US banking regulations recently?)

Paul Wouters paul at
Thu Aug 26 12:21:57 EDT 2010

On Thu, 26 Aug 2010, dan at wrote:

> > as previously mentioned, somewhere back behind everything else ... there
> > is strong financial motivation in the sale of the SSL domain name digital
> > certificates.
> >
> While I am *not* arguing that point, per se, if having a
> better solution would require, or would have required, no
> more investment than the accumulated profits in the sale
> of SSL domain name certs, we could have solved this by now.

Currently, the IETF keyassure WG is working on specifying how to use DNS(SEC)
to put the certs in the DNS to avoid the entire CA authentication.

It seems to be deciding on certs (not raw keys/hashes) to simplify and re-use
the existing TLS based implementations (eg HTTPS)


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list