[Cryptography] Why aren’t we using SSH for everything?
bascule at gmail.com
Sun Jan 4 18:18:45 EST 2015
On Sun, Jan 4, 2015 at 7:23 AM, Christoph Anton Mitterer <calestyo at scientia.net> wrote:

> Apart from that,... everyone should know by now, that the X.509 / CA
> based trust system we have in TLS is inherently broken... alone the fact
> that you have several 100 CAs in your browsers, many completely
> untrustworthy or proven to be incompetent.

Yes, I'm sure everyone on this list knows Achmed's Used Cars and

> So probably the best possible way to have a strict hierarchical system
> would be DANE.

Great in theory, but DNSSEC is terrible in practice.

> And for DANE in turn, you could just place your SSH keys in DNS. Scales
> as good as anything else.

Is that even supported now?