There is a lot of work going on in this area, including how to use secure DNS
to associate the key that appears in a TLS server's certificate with the
intended domain name [1]. Adding HSTS to this mix does make sense and is
something that is discussed, e.g. on the keyassure mailing list [2].
jakob
[1] http://tools.ietf.org/html/draft-hoffman-keys-linkage-from-dns-00
[2] http://www.ietf.org/mailman/listinfo/keyassure
---------------------------------------------------------------------
The Cryptography Mailing List