From: Gregor Pintar
Newsgroups: gmane.linux.lib.musl.general
Subject: Re: High-priority library replacements?
Date: Tue, 30 Apr 2013 21:18:52 +0200
References: <20130425041553.GA13951@brightrain.aerifal.cx> <518011C0.3060006@gmail.com>
In-Reply-To: <518011C0.3060006@gmail.com>
Reply-To: musl@lists.openwall.com
To: musl@lists.openwall.com

2013/4/30, Nicolas Braud-Santoni :
> On 25/04/2013 08:43, Gregor Pintar wrote:
>> Hello.
>> [...]
>>
>> I think the best way is not to trust any certificate authority.
>> Maybe some certificate p2p protocol could be done?
>
> Hello,
>
> Are you aware of DANE (RFC6698, https://en.wikipedia.org/wiki/DANE)?
> It is an RFC which suggests holding certificate fingerprints in special
> DNS records.
> Since DNSSEC allows us to establish trust of these records, this is a
> simple and robust alternative to CA-based trust models.
>
> However, and AFAIK, it doesn't cope with entities that aren't accessed
> through a hostname.
>
>
> Have a good day,
>

Thanks, I was not aware of it.
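
The fingerprint comparison that DANE (RFC 6698) describes, as an added example that is not part of the original thread: it matches a certificate against a TLSA record by selector (0 = full certificate, 1 = SubjectPublicKeyInfo) and matching type (0 = exact, 1 = SHA-256, 2 = SHA-512). It assumes the record came from a DNSSEC-validating resolver; the function names and the sample DER skeleton are constructed for illustration.

```python
import hashlib, hmac

def tlv(buf, off):
    """Read one DER TLV at off; return (tag, value_start, value_end)."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                            # long-form length
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("truncated DER")
    return tag, off, off + length

def children(buf):
    """Return the raw TLVs nested directly inside the constructed TLV buf."""
    _, pos, end = tlv(buf, 0)
    out = []
    while pos < end:
        _, _, nxt = tlv(buf, pos)
        out.append(buf[pos:nxt])
        pos = nxt
    return out

def spki(cert_der):
    """Raw SubjectPublicKeyInfo TLV of an X.509 certificate (selector 1)."""
    fields = children(children(cert_der)[0])     # fields of tbsCertificate
    skip = 1 if fields[0][0] == 0xA0 else 0      # optional [0] version
    return fields[skip + 5]   # after serial, sigAlg, issuer, validity, subject

def tlsa_matches(cert_der, rdata):
    """Check a cert against TLSA RDATA text: 'usage selector mtype hex'."""
    usage, selector, mtype, hexdata = rdata.split(None, 3)
    # Unknown selector or matching type raises KeyError, so the check fails closed.
    selected = {"0": lambda: cert_der, "1": lambda: spki(cert_der)}[selector]()
    digest = {"0": lambda d: d, "1": lambda d: hashlib.sha256(d).digest(),
              "2": lambda d: hashlib.sha512(d).digest()}[mtype](selected)
    return hmac.compare_digest(digest, bytes.fromhex(hexdata.replace(" ", "")))

# Constructed sample: a DER skeleton shaped like a certificate, not a real one.
def der(tag, body):
    assert len(body) < 0x80                      # short-form lengths only
    return bytes([tag, len(body)]) + body

SPKI = der(0x30, der(0x30, b"") + der(0x03, b"\x00" + b"K" * 32))
TBS = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01")
          + der(0x30, b"") * 4 + SPKI)
CERT = der(0x30, TBS + der(0x30, b"") + der(0x03, b"\x00"))
PINNED = "3 1 1 " + hashlib.sha256(SPKI).hexdigest()   # usage 3 = DANE-EE

if __name__ == "__main__":
    print(tlsa_matches(CERT, PINNED))
```

Pinning the SubjectPublicKeyInfo (selector 1) rather than the whole certificate lets the record survive a certificate reissue that keeps the same key.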