9fans - fans of the OS Plan 9 from Bell Labs
From: Tim Newsham <newsham@lava.net>
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Subject: Re: [9fans] Are we ready for DNSSEC ?
Date: Sun, 24 Jan 2010 08:14:09 -1000
Message-ID: <Pine.BSI.4.64.1001240810080.5454@malasada.lava.net>
In-Reply-To: <dd6fe68a1001231711u6157bbdcv42c564722749b9de@mail.gmail.com>

> dns is a non-issue if the rest of ssl is working.
> dns is irrelevant if it isn't.

Except when SSL has chinks in its armor.  Like incidents of
certificate authorities being convinced to give out certs for
domains that don't belong to the requestor.  Or bugs in SSL
cert validation that compares names only up to the NUL character
and certificate authorities willing to make CERTs with NULs
in the cert name. Or certificate authorities giving out unqualified
"local" certificates that can be repurposed as non-local certs.
Or simply the fact that the majority of the
SSL-using population has been trained to disregard SSL mismatches
by clicking through any dialog box that appears while browsing.

At any rate, it would be nice having a certificate system that
was more closely tied to the DNS hierarchy...

> russ

Tim Newsham | www.thenewsh.com/~newsham | thenewsh.blogspot.com
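
The NUL-truncation validation bug mentioned in the message above, shown as an added example that is not part of the original post or of any real TLS library: a name check that treats the certificate name as a C string beside a length-aware one. The struct, function names and sample names are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* A certificate name as decoded from ASN.1: bytes plus an explicit length.
   It is not a C string and can carry 0x00 bytes inside it. */
struct cert_name {
    const unsigned char *data;
    size_t len;
};

/* Constructed sample names (reserved .example domains). */
static const unsigned char EMBEDDED[] = "bank.example\0.other.example";
static const unsigned char HONEST[]   = "bank.example";
static const struct cert_name embedded_name = { EMBEDDED, sizeof EMBEDDED - 1 };
static const struct cert_name honest_name   = { HONEST, sizeof HONEST - 1 };

/* Flawed check: compares as a C string, so it stops at the first NUL and
   ignores the rest of the name (it also assumes the data is terminated). */
int name_matches_flawed(const struct cert_name *cn, const char *host)
{
    return strcasecmp((const char *)cn->data, host) == 0;
}

/* Length-aware check: a name with an embedded NUL is never accepted, and
   the full decoded length must equal the length of the expected host. */
int name_matches_strict(const struct cert_name *cn, const char *host)
{
    size_t hlen = strlen(host);

    if (memchr(cn->data, 0, cn->len) != NULL)
        return 0;
    if (cn->len != hlen)
        return 0;
    return strncasecmp((const char *)cn->data, host, hlen) == 0;
}

int main(void)
{
    printf("embedded NUL, flawed: %d\n", name_matches_flawed(&embedded_name, "bank.example"));
    printf("embedded NUL, strict: %d\n", name_matches_strict(&embedded_name, "bank.example"));
    printf("honest name,  strict: %d\n", name_matches_strict(&honest_name, "BANK.example"));
    return 0;
}
```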


