On 9/21/14, 9:00 AM, James Graham wrote:
I am substantially less convinced that tying these tests to the spec
lifecycle makes sense.
Agreed. The only reason it's an issue for me is the lack of
errata-issuance by the W3C and hence the tendency to attempt to enshrine
obviously-wrong things in
Pretty sure that what he's referring to is called DANE. It lets a domain
holder assert a certificate or key pair, using DNSSEC to bind it to the domain
instead of PKIX (or in addition to PKIX).
https://tools.ietf.org/html/rfc6698
On Sep 21, 2014, at 8:01 AM, Anne van Kesteren wrote:
> On S
On 20/09/14 03:46, Boris Zbarsky wrote:
> On 9/19/14, 8:23 PM, L. David Baron wrote:
>> W3C recently published the following proposed recommendation (the
>> stage before W3C's final stage, Recommendation):
>
> The biggest issue I have with this is exiting CR without anything
> resembling a compreh
On Sun, Sep 21, 2014 at 1:14 PM, Aryeh Gregor wrote:
> What happened to serving certs over DNSSEC? If browsers supported
> that well, it seems it has enough deployment on TLDs and registrars to
> be usable to a large fraction of sites.
DNSSEC does not help with authentication of domains and esta
On Mon, Sep 15, 2014 at 11:34 AM, Anne van Kesteren wrote:
> It seems very bad if those kind of devices won't use authenticated
> connections in the end. Which makes me wonder, is there some activity
> at Mozilla for looking into an alternative to the CA model?
What happened to serving certs over
5 matches
Mail list logo