On 9/24/13 4:48 AM, Simon Josefsson wrote:
> Karl Malbrain <[email protected]> writes:
>
>> I've uploaded a draft on tls strong authentication deployment:
>>
>> http://datatracker.ietf.org/doc/draft-malbrain-tls-strong-authentication
>>
>> Any comments would be appreciated.
>
> I believe that anything based on DNS is the wrong way forward if
> your problem statement involves well funded adversaries. I think
> DNS-based distribution of keying material is a good way to simplify
> and bootstrap opportunistic encrypted channels, however, it would
> not provide strong authentication in the way that I would like to
> define it.

Agreed. Unfortunately, it seems that we need to build on more solid
foundations than most of today's Internet provides. I'd include
centralized ISPs in the list of structures that are problematic.

Peter

--
Peter Saint-Andre
https://stpeter.im/

_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
