against dnssec
Reindl Harald
h.reindl at thelounge.net
Sun Jan 18 04:19:38 UTC 2015
Am 18.01.2015 um 03:43 schrieb Kevin Kofler:
> Reindl Harald wrote:
>> in fact DNSSEC is the prerequisite for
>> http://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities
>> which has the potential to replace the horrible need of CA signed
>> certificates for SSL which are in fact *completly* unrelieable because
>> every random of the thousands entities your browsers trusts can sign any
>> random domain certificate
>
> The article also addresses (or claims to address) that, claiming that DANE
> only moves us from private cartel control to government control, which is
> not necessarily an improvement.
uhm they control it now too
but now every random idiot finding a CA not verify the request can get a
valid cert for your domain trusted by every browser - DANE is reducing
the circle of persons able to do this and that *is* an improvment
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20150118/7bcbb6ff/attachment.sig>
More information about the devel
mailing list