Ian G wrote:
Hi Adam,
On 10/09/2011, at 20:16, Adam Back <[email protected]> wrote:
So I hear CA pinning mentioned a bit as a probable way forward, but I didn't
see anyone define it on this list,
Adam described it in this list. The specific mechanism is less important than
what it achieves: the browser knows that the website is constrained to use the
certs of only one CA.
The rest is implementation detail.
E.g. http://datatracker.ietf.org/wg/dane/ (DNS-based Authentication of
Named Entities (dane))
and http://datatracker.ietf.org/doc/draft-ietf-dane-protocol/ (Using
Secure DNS to Associate Certificates with Domain Names For TLS)
Regards,
--
- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, QC, Canada H2M 2A1
Tel. +1-514-385-5691
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography