[Cryptography] Certificates and PKI
Paul Wouters
paul at cypherpunks.ca
Mon Dec 29 22:20:25 EST 2014
On Mon, 29 Dec 2014, Christian Huitema wrote:
> Implementations could assume that algorithmically derived names like
> "_<port>._<proto>.mxhost.example.com" are in the same zone as
> "mxhost.example.com." The cost of being wrong is not all that high. The
> protocol ID will leak, but that can in most cases be already inferred from
> the host name.
That would be wrong. For instance, for fedoraproject I am planning to
host _openpgpkey.fedoraproject.org as a separate zone, while not
everyone might do that.
Paul
More information about the cryptography
mailing list