This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[atlas] SSL Certificates for ripe anchors

Previous message (by thread): [atlas] SSL Certificates for ripe anchors
Next message (by thread): [atlas] SSL Certificates for ripe anchors

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Bjørn Mork bjorn at mork.no
Fri Aug 30 20:33:49 CEST 2019

Sander Steffann <sander at steffann.nl> writes:

> Yep. I wish the use of TLSA was more wide spread. It doesn't require
> third parties to "certify" who is who.

+1

There is still too much money in the CA business. Which is the reason
why no major browser does TLSA validation.  And why "best practices"
allow, or even recommend, inferior solutions like CAA, HPKP and other
bad ideas instead of DANE.  You gotta look at the source of those
recommendations. They are most likely "best" for someones wallet.  Not
necessarily for security.

It's amazing that they still try to make those pigs fly.

Bjørn

Previous message (by thread): [atlas] SSL Certificates for ripe anchors
Next message (by thread): [atlas] SSL Certificates for ripe anchors

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ ripe-atlas Archives ]