towards https everywhere and strict transport security (was: Has there been a change in US banking regulations recently?)
Paul Wouters
paul at xelerance.com
Thu Aug 26 12:21:57 EDT 2010
On Thu, 26 Aug 2010, dan at geer.org wrote:
> > as previously mentioned, somewhere back behind everything else ... there
> > is strong financial motivation in the sale of the SSL domain name digital
> > certificates.
> >
>
> While I am *not* arguing that point, per se, if having a
> better solution would require, or would have required, no
> more investment than the accumulated profits in the sale
> of SSL domain name certs, we could have solved this by now.
Currently, the IETF keyassure WG is working on specifying how to use DNS(SEC)
to put the certs in the DNS to avoid the entire CA authentication.
It seems to be deciding on certs (not raw keys/hashes) to simplify and re-use
the existing TLS based implementations (eg HTTPS)
Paul
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list