This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ripe-atlas@ripe.net/
[atlas] SSL Certificates for ripe anchors
- Previous message (by thread): [atlas] SSL Certificates for ripe anchors
- Next message (by thread): [atlas] SSL Certificates for ripe anchors
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Jóhann B. Guðmundsson
johannbg at gmail.com
Fri Aug 30 23:59:02 CEST 2019
On Fri, Aug 30, 2019, 20:30 Randy Bush <randy at psg.com> wrote: > > There is still too much money in the CA business. > > well, though on the surface i agree, i do not take it as a motivation to > add one more chunk of sysadmin. > > > Which is the reason why no major browser does TLSA validation. > > well. there is the extra protocol turn. agl tried and backed off, > seemingly because of that. > The problem with the added extra lookup which added more latency, which increased the chances for packet loss, causing expensive timeouts and retransmitions had been somewhat worked on but abandoned [1] and wont be revisited due to [2] being the browser community take on this afaik. Given that Let's encrypt own root which was supposed to be pushed out this July but got delayed til 2020 is widely trusted by browser, one can hardly claim that the browser community is run by some "cert cabal" If the "cert cabal" will try anything it will be to block acceptance and or usage of self and Let's encrypt signed certs with high profile cloud providers because that's where the money is and corporates are somewhat vendor locked in there, which makes them an easy pray for additional fees.. JBG 1. https://www.imperialviolet.org/2011/06/16/dnssecchrome.html 2. http://www.certificate-transparency.org -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/ripe-atlas/attachments/20190830/3b9f517c/attachment.html>
- Previous message (by thread): [atlas] SSL Certificates for ripe anchors
- Next message (by thread): [atlas] SSL Certificates for ripe anchors
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]