by entropyie
1251 days ago
All fair points, and I would settle for HTTP-equivalent UX.
DOH and DOT would go some way to mitigating DNS inadequacies (although they have their own issues in terms of network autonomy).
I personally think the best long-term solution would be for each TLD to maintain the CA bundle and TLS standards for that TLD.
That way there is no case where a CA cert from CN can issue a cert for google.com. It would also specifically allow non-identity locally issued certs for .local, .lan, .hobby etc...