This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[atlas] SSL Certificates for ripe anchors

Previous message (by thread): [atlas] SSL Certificates for ripe anchors
Next message (by thread): [atlas] SSL Certificates for ripe anchors

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Sander Steffann sander at steffann.nl
Fri Aug 30 16:36:29 CEST 2019

Hi,

> Hold your horses, self-signed cert with proper TLSA records in
> DNSSEC-signed domain is even better, see
> https://tools.ietf.org/html/rfc6698 .
> 
> Besides other things correctly configured TLSA record + client side
> validation prevents rogue or compromised CAs from issuing "fake but
> accepted as valid" certs.
> 
> So I would say RIPE NCC is attempting to do security it in the most
> modern way available.

Yep. I wish the use of TLSA was more wide spread. It doesn't require third parties to "certify" who is who.

Cheers,
Sander

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: Message signed with OpenPGP
URL: </ripe/mail/archives/ripe-atlas/attachments/20190830/e4ee16c0/attachment.sig>

Previous message (by thread): [atlas] SSL Certificates for ripe anchors
Next message (by thread): [atlas] SSL Certificates for ripe anchors

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ ripe-atlas Archives ]