[Cryptography] New SSL/TLS certs to each live no longer than 47 days by 2029
Shreyas Zare
shreyas at technitium.com
Fri Apr 25 06:50:39 EDT 2025
On 4/25/2025 3:36 PM, Christian de Larrinaga wrote:
> Shreyas Zare via cryptography<cryptography at metzdowd.com> writes:
>>> *That* is what certificates protect against. DNSSEC will not help
>>> you at all because as long as you are connected to my hot spot, I
>>> control the entire Internet from your point of view, not just DNS.
>> DNSSEC will help protect with DANE. Controlling a hot spot does not
>> make it vulnerable.
>>
>> Its about time web browsers add support for DANE as an alternative
>> option for people who want to use it.
>>
>> Regards,
>> *Shreyas Zare*
> DNSSEC signing a zone to the root is needed first?
Yes, that's the prerequisite to have the zone signed. Which is much
easier to do with some DNS providers which give you an ON/OFF switch to
sign your zone.
Regards,
*Shreyas Zare*
Technitium <https://technitium.com/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20250425/325a4d67/attachment.htm>
More information about the cryptography
mailing list