Hacker News
by wav-part 2722 days ago
Obviously the signing of example.com by .com must be secure itself. Otherwise no crypto delegation is secure, including TLS signing.

> where DANE replaces X.509 CAs

Much easier migration actually. Just patch all Firefox/etc. to accept example.com's DNSSEC key as root CA. Then example.com can create its own TLS cert. A very simple and minor patch to TLS codebase.