On 02/12/2011 05:57 PM, From Stephen Schultze:
Not at all. I was inviting others to voice their support of your
position as well, but so far it's just you.
Don't take this as an indicator of such - I'm usually more vocal (than
others) and others might be not willing to enter into discussions with
those that try to disrupt their business (or however the intention of
the advocates (You) is perceived). Also this is not the policy list and
the reason I thought this might be a place to share some arguments in
favor and against.
DANE is probably not a bad thing, it can be quite useful, depending on
how this is applied. The proposed standard however states:
Instead of trusting a certification authority to have made
this association correctly, the user might instead trust the
authoritative DNS server for the domain name to make that
association.
I can see how DANE could be useful with CA issued certificates. The
above is a non-starter (at least for me) and rather dangerous for any
third party relying on it. But those are my opinions at least if and
until this gets implemented anywhere and I can prove my point.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
XMPP: start...@startcom.org
Blog: http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
