-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 i mentioned, because, in windows side, these are the only choices so far for firefox which at-least can be used easily.
So it seems, for windows users, best (and probably only one, current) alternative is : using a VirtualBox or using your own choice of Virtualization software based Linux/Unix VM instance, with a minimal X / GUI / Desktop (LXDE, XFCE, etc), and then doing tests using the Bloodhound web-browser from such VM. - -- Bright Star. Received from Viktor Dukhovni, on 2013-05-28 10:00 PM: > On Tue, May 28, 2013 at 09:11:13PM -0700, Bry8 Star wrote: > > >> I would agree completely, these addons have many more bugs and far >> from perfect. Even in "3 s m" or "2 s m" detection & verification, >> not very consistent yet. > > You are much more charitable to major design and implementation > flaws than I am willing to be. > >> So very likely internal source-codes are tuned for limited TLSA >> cases only. > > Why promote the use implementations that don't even correctly > implement the subset of parameters they set out to support? > >> It would have been great, if those two addons could show cert chain >> or debug info on which exact certs or chain of certs these addons >> have checked/verified. > > IMHO it would have been even better if at least the one I read was > never released to the public. Don't confuse the feature set with > the implementation. > > How do you know they do what they claim to do? Be skeptical of > new implementations of security mechanisms (including mine). They > need to be thoroughly vetted before they are fit for use by the > public. > >> And if those two addons are further improved for using with >> Thunderbird for _993 , _995 , _25 , _465 based services then that >> would have been very helpful. Currently those two addons do not >> understand those DNS RR. > > More flawed security code used more broadly is not progress. > > Yes, there should be multiple implementations, but not very many. > Security libraries and plugins need to be written with above average > attention to detail and must stand the test of time. The design > should be feature complete and generally correct, before any code is > written. > -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJRpZebAAoJEID2ikYfWSP6rhMP/093gh5eCTFV5gpRys0E9ete zL6ht+eYuyn2zlIaPk33WnN9EzZVbnOTgVN4+QiCh+bxcT2wMbAi/RSNgbyHUH0E CxrTULWfFQcqW4rHGUxRvAg2v49FK8Bi/k2uoE8DNflGtvvC13EVh8BmqR54y+6p ytIpIDspoKJs7TYhk6tQ7w/RWdfjuJChbX1bSK1osJoBDp6z4ocp4PnVZyMZiiWd 1iC0S7izPYb6KmIodRRtFMKW2k5VPI9RBfCpbQOG/YqX5MhAKd/bzBeHUrhuIJKY nv9VAAbdmqNrUU9ECxnraTy7VazNTD6MkCnSI8LialOelVV8IeMFDRLatEKF0IH7 YGdqC8RMuz/hTLitTWVLqW8IjsyB4D5Iwxpk/2+rZvVdRth5Fe7ve8k9r1KaHFTs fNksOm2GiR7gpebSNlcSkzdTX0BS5AmQZwcTyi5RIq00+v2NCYM7+uZOgaM1eGyx E1lbdxN7xJSKPWvaR6OukR99A35/jb5ZX9nabqqGFJiescX6XLoO+nzXpYHQJPZM Hwn5poAzP1Uzo8+a8VglmJLpT/VTt4I/zq27o8abShpgdMWVO73y0fWSe3PzWyu1 Rbfqx22mYGT4t5xB2LPekbDwN870dQ/Yn6oXL5p1138GkWtnc7evhTvx4fEWm+sS eCXsKoUyx0ZWJsljj5/J =HFf/ -----END PGP SIGNATURE----- _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
