[Cryptography] At what point should people not use TLS?
Tony Arcieri
bascule at gmail.com
Sat Apr 16 19:48:28 EDT 2016
On Tue, Apr 12, 2016 at 8:31 PM, fcorella at pomcor.com <fcorella at pomcor.com>
wrote:
> This would be difficult to do in TLS, because the client would have to
> retrieve the server's certificate chain, and the DNS may not be able
> to supply that much data without hiccups.
>
While I'm not really a fan of DNSSEC, DANE TLSA records can contain a
Domain-Issued Certificate where the entire certificate is provided in and
authenticated via a DNS response.
--
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160416/2494775f/attachment.html>
More information about the cryptography
mailing list