Roland Mas <lola...@debian.org> writes:

>   I understand that behemoths such as Iceweasel may take some time to
> move, but maybe Git could be made to use the TLSA records in DNSSEC?
> Postfix does make use of them, and SSH uses their SSHFP cousins, so it's
> not completely an abstract idea.

> Roland,
> who spent some time DNSSECing his infrastructure and hoping it'll be
> worth it in due time.

Yeah, that would be really cool.

Also, for people coming from Debian hosts talking to the Debian
infrastructure, at least in theory we *could* do certificate pinning,
which transforms HTTPS into a worthwhile security protocol.  It's not
exactly trivial to work out the UI and integration problems, and it
doesn't help for people not coming from a Debian system (at least as
much), but it might be worth considering.

-- 
Russ Allbery (r...@debian.org)               <http://www.eyrie.org/~eagle/>


Archive: https://lists.debian.org/87zj4ozoqq....@hope.eyrie.org
