I've begun to propose an alternative to DNS/DANE, the PERSPECTIVES project from
CMU, in version 01 of the problem statement:
http://datatracker.ietf.org/doc/draft-malbrain-tls-strong-authentication.
Have you considered what changes to the DNS system would address your concerns?
I've proposed encrypted and authenticated connections in another thread.
Karl Malbrain
________________________________
From: Simon Josefsson <[email protected]>
To: Karl Malbrain <[email protected]>
Cc: perpass <[email protected]>; Stephen Farrell <[email protected]>
Sent: Tuesday, September 24, 2013 3:48 AM
Subject: Re: [perpass] tld strong authentication deployment draft
Karl Malbrain <[email protected]> writes:
> I've uploaded a draft on tls strong authentication deployment:
>
> http://datatracker.ietf.org/doc/draft-malbrain-tls-strong-authentication
> Any comments would be appreciated.
I believe that anything based on DNS is the wrong way forward if your
problem statement involves well-funded adversaries. I think DNS-based
distribution of keying material is a good way to simplify and bootstrap
opportunistic encrypted channels; however, it would not provide strong
authentication in the way that I would like to define it.
/Simon
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass