This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[atlas] SSL Certificates for ripe anchors

• Previous message (by thread): [atlas] SSL Certificates for ripe anchors
• Next message (by thread): [atlas] SSL Certificates for ripe anchors

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Randy Bush randy at psg.com
Fri Aug 30 22:29:42 CEST 2019

> There is still too much money in the CA business.

well, though on the surface i agree, i do not take it as a motivation to
add one more chunk of sysadmin.

> Which is the reason why no major browser does TLSA validation.

well. there is the extra protocol turn.  agl tried and backed off,
seemingly because of that.

but, if we want to encourage tlsa, recommended values for the three
lovely but obscure (after all, it is the dns) parameters.  victor
whacked me into using 211 with let's encrypt certs.

randy

• Previous message (by thread): [atlas] SSL Certificates for ripe anchors
• Next message (by thread): [atlas] SSL Certificates for ripe anchors

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ ripe-atlas Archives ]