This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ripe-atlas@ripe.net/
[atlas] SSL Certificates for ripe anchors
- Previous message (by thread): [atlas] SSL Certificates for ripe anchors
- Next message (by thread): [atlas] SSL Certificates for ripe anchors
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Bjørn Mork
bjorn at mork.no
Fri Aug 30 20:33:49 CEST 2019
Sander Steffann <sander at steffann.nl> writes: > Yep. I wish the use of TLSA was more wide spread. It doesn't require > third parties to "certify" who is who. +1 There is still too much money in the CA business. Which is the reason why no major browser does TLSA validation. And why "best practices" allow, or even recommend, inferior solutions like CAA, HPKP and other bad ideas instead of DANE. You gotta look at the source of those recommendations. They are most likely "best" for someones wallet. Not necessarily for security. It's amazing that they still try to make those pigs fly. Bjørn
- Previous message (by thread): [atlas] SSL Certificates for ripe anchors
- Next message (by thread): [atlas] SSL Certificates for ripe anchors
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]