On 03/14/14 22:45, John Adams wrote: > You misunderstand the signing practice if you think this is a good idea.
I don't get it yet, in which part would I be getting wrong, the signing of server certificates by CAs, or the DNSSEC/DANE part? Please elaborate. > > Granted, it provides a low level of encryption for clients but it does not > provide Non-repudiability to those users, opening them up to MitM attacks. I don't think non-repudiability is offered to users who connect to a site with a server certificate. I believe one needs client certificates and message signing for that. Regards, Guido. -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
