[Cryptography] Why aren’t we using SSH for everything?
Tony Arcieri
bascule at gmail.com
Sun Jan 4 18:18:45 EST 2015
On Sun, Jan 4, 2015 at 7:23 AM, Christoph Anton Mitterer <
calestyo at scientia.net> wrote:
> Apart from that,... everyone should know by now, that the X.509 / CA
> based trust system we have in TLS is inherently broken... alone the fact
> that you have several 100 CAs in your browsers, many completely
> untrustworthy or proven to be incompetent.
>
Yes, I'm sure everyone on this list knows Achmed's Used Cars and
Certificates
> So probably the best possible way to have a strict hierarchical system
> would be DANE.
>
Great in theory, but DNSSEC is terrible in practice
> And for DANE in turn, you could just place your SSH keys in DNS. Scales
> as good as anything else.
Is that even supported now?
--
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150104/ce2d8991/attachment.html>
More information about the cryptography
mailing list