Discuss mailing list

[staticsafe <me AT staticsafe.ca>]

On 9/22/2013 23:33, John David Galt wrote:
> On 2013-09-22 20:17, Coyo wrote:
> > Verisign is a very influential company. They operate many of the root
> > DNS servers for the entirety of the Internet, they are one of the most
> > critical of the Certificate Authorities.
> >
> > People trust their Internet privacy and security to this company every
> > second of every day.
> >
> > This company has abused that trust innumerable times.
>
> They're not the only ones.  Many nasty governments, as well as too-nosy
> companies, have been given the status of Certificate Authority, and
> nobody has yet published a list of who the CAs really are, so as it
> stands, SSL should be considered completely compromised.
>
> What we need is either a new, web-of-trust protocol, or at the least a
> new, trustworthy SSL authority that can take the place of all the ones
> we have now.
>
> If that means that traffic from spy-ridden countries starts being
> blocked by one site after another, so much the better.

DNSSEC + DANE [0] may be the answer.

[0] - https://tools.ietf.org/html/rfc6698
--
staticsafe
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org
Please don't top post. It is not logical.
Please don't CC me! I'm subscribed to whatever list I just posted on.