Marc Lampo <[email protected]> wrote:
> But since domain registration can be quite anonymous
> doesn't this mean that anybody could, if support for TLSA is widespread,
> create https websites that do not cause warning messages to users.

Yes, that is the desirable outcome.

> To me it seems that anybody could, kind of, produce his own identity card?

No, the identity is provided by the parent domain.

> If that is the case, it would only increase the need for HTTPS inspection
> - "man-in-the-middle" -

Why?

> in which case the certificate offered to the user will change
> and no longer be "in line" with the TLSA record.

Indeed. DANE will detect the man-in-the-middle attack.

Tony.
-- 
f.anthony.n.finch <[email protected]> http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
occasionally poor at first.
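The check discussed in the message above, as an added example that is not part of the original thread: a client compares the certificate it is presented with against the published TLSA record, so a certificate substituted by an HTTPS inspection proxy no longer matches. The certificate bytes, the record and all function names are constructed for illustration; only selector 0 (full certificate) is handled, and chain validation for the usage field is out of scope.

```python
import hashlib
import hmac
from typing import NamedTuple


class TLSA(NamedTuple):
    usage: int      # certificate usage field (3 = domain-issued certificate)
    selector: int   # 0 = full certificate, 1 = SubjectPublicKeyInfo
    mtype: int      # 0 = exact bytes, 1 = SHA-256, 2 = SHA-512
    data: bytes     # certificate association data


def parse_tlsa(rdata: str) -> TLSA:
    """Parse TLSA presentation format: 'usage selector mtype hex...'."""
    usage, selector, mtype, *hexparts = rdata.split()
    return TLSA(int(usage), int(selector), int(mtype),
                bytes.fromhex("".join(hexparts)))


def tlsa_matches(rec: TLSA, presented_der: bytes) -> bool:
    """Return True if the presented certificate matches the TLSA record."""
    if rec.selector != 0:
        # Selector 1 needs the SubjectPublicKeyInfo extracted from the
        # certificate, which requires an X.509 parser (not shown here).
        raise NotImplementedError("only selector 0 is handled in this example")
    if rec.mtype == 0:
        candidate = presented_der
    elif rec.mtype == 1:
        candidate = hashlib.sha256(presented_der).digest()
    elif rec.mtype == 2:
        candidate = hashlib.sha512(presented_der).digest()
    else:
        raise ValueError(f"unknown matching type {rec.mtype}")
    return hmac.compare_digest(candidate, rec.data)


# Constructed stand-ins for DER-encoded certificates. With selector 0 the
# whole encoding is hashed, so any byte string shows the comparison.
SERVER_CERT = b"constructed-der:www.example.com:site-key"
PROXY_CERT = b"constructed-der:www.example.com:inspection-proxy-key"

# Constructed record as the domain owner would publish it for SERVER_CERT.
PUBLISHED = "3 0 1 " + hashlib.sha256(SERVER_CERT).hexdigest()


def check(presented_der: bytes) -> bool:
    """Compare a presented certificate against the published record."""
    return tlsa_matches(parse_tlsa(PUBLISHED), presented_der)
```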
