[Cryptography] Well, that only took ten years

Udhay Shankar N udhay at pobox.com
Thu Aug 15 06:51:01 EDT 2019


On Thu, Aug 15, 2019 at 4:27 AM Peter Gutmann <pgut001 at cs.auckland.ac.nz>
wrote:

In any case it'll be interesting to see what the next
> deckchair-rearrangement
> in browser PKI will be.  Whatever it is, I'd like to take this opportunity
> to
> predict in advance that it'll have no effect.
>

The next major advance in browser PKI is already here in Firefox. It is DNS
over HTTPS which needs to be manually turned on (separately, the default
resolver, provided by Cloudflare, also supports DNSSEC). At some point this
will become enabled by default (along with https connections) and then EV
will be irrelevant, or perhaps exist as a mirror image version that serves
to indicate when the connection you have is NOT some combination of:

- Connection being https encrypted
- DNS lookup being https encrypted
- server certificate being validated

Udhay

-- 

((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20190815/8b392dbd/attachment.htm>


More information about the cryptography mailing list