Hacker News new | ask | show | jobs
by alanfranz 292 days ago
This is called DANE. I don’t know if I missed an implied /s in your message.

You overlooked the need for DNSSEC, so another PKI with his own quirks, and somehow less reliable than CAs.