This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ripe-atlas@ripe.net/
[atlas] SSL Certificates for ripe anchors
- Previous message (by thread): [atlas] SSL Certificates for ripe anchors
- Next message (by thread): [atlas] SSL Certificates for ripe anchors
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Jóhann B. Guðmundsson
johannbg at gmail.com
Fri Aug 30 17:08:06 CEST 2019
On 8/30/19 2:36 PM, Sander Steffann wrote: > Hi, > >> Hold your horses, self-signed cert with proper TLSA records in >> DNSSEC-signed domain is even better, see >> https://tools.ietf.org/html/rfc6698 . >> >> Besides other things correctly configured TLSA record + client side >> validation prevents rogue or compromised CAs from issuing "fake but >> accepted as valid" certs. >> >> So I would say RIPE NCC is attempting to do security it in the most >> modern way available. > Yep. I wish the use of TLSA was more wide spread. It doesn't require third parties to "certify" who is who. The third parties that "certify" are for others to establish trust in that you are who you claim to be not because its "required" and the security industry has deemed those who do not atleast get some other entity to validate, not to be worthy of trust. Just because Trump says he's a genius and the "chosen one" does not make him one now does it... JBG
- Previous message (by thread): [atlas] SSL Certificates for ripe anchors
- Next message (by thread): [atlas] SSL Certificates for ripe anchors
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]