From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/3265
Path: news.gmane.org!not-for-mail
From: Nicolas Braud-Santoni <nicolas.braudsantoni@gmail.com>
Newsgroups: gmane.linux.lib.musl.general
Subject: Re: High-priority library replacements?
Date: Tue, 30 Apr 2013 20:47:28 +0200
Message-ID: <518011C0.3060006@gmail.com>
References: <20130425041553.GA13951@brightrain.aerifal.cx> <CAOPXC2=iHvRetaLzvdOuRKdXe5D19_-G+2N5vf-dxxYy7M6eQg@mail.gmail.com>
Reply-To: musl@lists.openwall.com
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="----enig2VMQHOLCLBBBQLTDUNWEG"
X-Trace: ger.gmane.org 1367347673 12532 80.91.229.3 (30 Apr 2013 18:47:53 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Tue, 30 Apr 2013 18:47:53 +0000 (UTC)
To: musl@lists.openwall.com
Original-X-From: musl-return-3269-gllmg-musl=m.gmane.org@lists.openwall.com Tue Apr 30 20:47:54 2013
Return-path: <musl-return-3269-gllmg-musl=m.gmane.org@lists.openwall.com>
Envelope-to: gllmg-musl@plane.gmane.org
Original-Received: from mother.openwall.net ([195.42.179.200])
	by plane.gmane.org with smtp (Exim 4.69)
	(envelope-from <musl-return-3269-gllmg-musl=m.gmane.org@lists.openwall.com>)
	id 1UXFae-0002kX-Jp
	for gllmg-musl@plane.gmane.org; Tue, 30 Apr 2013 20:47:48 +0200
Original-Received: (qmail 31976 invoked by uid 550); 30 Apr 2013 18:47:47 -0000
Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:musl@lists.openwall.com>
List-Help: <mailto:musl-help@lists.openwall.com>
List-Unsubscribe: <mailto:musl-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:musl-subscribe@lists.openwall.com>
Original-Received: (qmail 31968 invoked from network); 30 Apr 2013 18:47:47 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=x-received:message-id:date:from:user-agent:mime-version:to:subject
         :references:in-reply-to:x-enigmail-version:content-type;
        bh=PWeKjE6VIW/kGmNbvXAq1b60aNt8eyaL2TLR8st1FKA=;
        b=ywfkZaxEFdSOd4jtgkCDFocTOWPSWR1yIcalIriwIShYI5GbEohdB3j2vcO4JlB19i
         PYj1BUGAd2YwgCTqT3wIHOz/3cU/6AJD/M8/XFXS+w9WAUy2Dgjlz+n7XtRKM8nrk60T
         y2YwHpOFeyizNtAvW4V/M+aHSepQWFm2zTmOm7IObthX6w8i2BizqxxIElvA1WkNPqJq
         XQfSbGpJ17mBazRLe6pH7MJU+N1Y4CPdW7WmvC+T6iRyZ1wZ0n+lKKF2wddwi43MjA1Z
         BIpV1wcRWlr5I8TD6CIoiJXXlyt2fW6toybdknbexhbgGdeTJXhk37XbQAsR9qntYDEo
         AgGA==
X-Received: by 10.180.108.106 with SMTP id hj10mr26747486wib.0.1367347656265;
        Tue, 30 Apr 2013 11:47:36 -0700 (PDT)
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130325 Thunderbird/17.0.4
In-Reply-To: <CAOPXC2=iHvRetaLzvdOuRKdXe5D19_-G+2N5vf-dxxYy7M6eQg@mail.gmail.com>
X-Enigmail-Version: 1.5.1
Xref: news.gmane.org gmane.linux.lib.musl.general:3265
Archived-At: <http://permalink.gmane.org/gmane.linux.lib.musl.general/3265>

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
------enig2VMQHOLCLBBBQLTDUNWEG
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 25/04/2013 08:43, Gregor Pintar wrote:
> Hello.
> [...]
>
> I think best way is not to trust any certificate authority.
> Maybe some certificate p2p protocol could be done?

Hello,

Are you aware of DANE (RFC6698, https://en.wikipedia.org/wiki/DANE) ?
It is a RFC which suggests holding certificates fingerprints in special
DNS records.
Since DNSSEC allows us to establish trust of these records, this is a
simple and robust alternative to CA-based trust models.

However, and AFAIK, it doesn't cope with entities that aren't accessed
through a hostname.


Have a good day,


------enig2VMQHOLCLBBBQLTDUNWEG
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)

iQIcBAEBAgAGBQJRgBHFAAoJEPv4tP2UoeSeMCkQAK64/FkcTFQaLQDjcdW+WRL2
OySvapXCNRCgPppC2lU0efBZTayGRez7OuTduZh+24KNVOkq6O25HZh0CHIKEURJ
yuUGc1bR3H4I/N4f4Mn+G+1y7LUeWnvmydTelw1qctDPQuAM/ROBTWFj/OAhFI5Y
UKE5nudFWIqbnmYqXFEH4/sSuIYsSz157r/orqPgWaTSQQcOzaO8j4kND/uKKY2t
IQPvvBPFuvkuWC2tqEi3ZWi9xwZt88OYHMm/NYVWOXex7VcwlIc9QzukNb6VvXgg
geVNaseNV1xVHPoAeRz3H32VC8Kc6ZZccF8vboID0xWoy82ZUdJA6OQgJ2661U8d
0CdE+ZsOPPUzzLoRZHeUBlSaGO9UKFZ6dlC9YwwZrcZS8BUklGj2Q05FdmVDkYrC
DjawcWg0c4bmfDaQbbGc58XsuVs32/FVd8rPrkHeMSmrrXLJePQxIqRQYnTtiNfR
X8SnVgQtdBF7sPhjReTCt+XPcsVDGmEW19O/SiLjRYY58LpGjPbFce3uDdDIgA0X
Fyx06wUMNHf9oKqDH1ZBz20wOopQhza2APrNvFYqiVsv7Q6Z2I7QMTlorUDQjhgI
nT6/syB2BVn4BL7URzyOZmsfASH7lOhy5RF/HhYkohBYVVaFL3i+xml9PRmRT4B3
DHd//W7FMrHy3OXSEKgQ
=xbk+
-----END PGP SIGNATURE-----

------enig2VMQHOLCLBBBQLTDUNWEG--