-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On 11/21/14, 9:24 AM, Stephane Bortzmeyer wrote: > On Thu, Nov 20, 2014 at 09:23:33PM -0800, Christian Huitema > <[email protected]> wrote a message of 29 lines which said: > >> This would change if there was an easy way to detect that the >> site intended to use self-sign cert. > > That's precisely what RFC 6698 does... Deploying this > standard-track RFC would help a lot more than creating a new CA (we > already have a gratis and automatic CA, CAcert). Correct me if I'm wrong but there's not much EFF, Mozilla, et al. can do to directly catalyze deployment of DANE. And the Let's Encrypt effort will be both a new CA that I expect to be more widely supported than CAcert [1] but also a highly-usable doman-validation tool similar to sslmate (check that out if you have not). best, Joe [1]: http://wiki.cacert.org/InclusionStatus - -- Joseph Lorenzo Hall Chief Technologist Center for Democracy & Technology 1634 I ST NW STE 1100 Washington DC 20006-4011 (p) 202-407-8825 (f) 202-637-0968 [email protected] PGP: https://josephhall.org/gpg-key fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (Darwin) iQIcBAEBCAAGBQJUb2qCAAoJEF+GaYdAqahx2EMP/RPuvqJ5DV2nK2qin/p3Chx+ iOk5r0l09NCVWFwl3IKg1mrzNGqsyQ4itv1iRPpxYxs9JEpD2l0HPMcZglkvSG1L Ycr770HEOEQuR5MVC0VfiPgYRsgQmPk0dTzVvUygq6rQPBZcxpZIAaeDJOa6WMdP OMPFECnFE++v0chcjcw5E4G8gAPyT6B/OrKndmb4yNov/cRRMMG7dmlZaRwnIsS5 Vy6S/H9+9EygKUK3uzWsabTMM+SOFDlncFlVtuaQWNwaShwp7t/3zNVg+c/0B6kv CPiUJ+QATFmITg1MZGzdfjWOCOKp88SRdt9D4A2tEWSuQ+g7HNT/kcVyqjTkoX9d /SDoydwLlgbyvJW3+j0MvHQFtJMDXMn1W3gFJCtBGwDG0bykH56SMny36D1ABwmu pV5Khp6ycwrYlhhTye8C4zZ7BsBzrMR5VCHjJi0c00z25/AfKfDskTJzGQVk1Fv3 RQkhDQ/2glSePdP8zONtebsPrYCWv39/Szqd5VYRk7iF1bhfHxJ4UyaKzMboYUAQ qs9dGNW4dq+sptZWZ14weZ3ABGxb36UWqgn8SA5VAlAcCGvIMZOH/0KG5+iUcJI2 dUHmz/VtRq28Eu5h+IHrXx+z2sPcXxL+sS+BBy2hgjFQV8UMv97sxndP6S1H/UM8 y4PujeRKiriN3pRaU6eD =QwCN -----END PGP SIGNATURE----- _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
