Hacker News
by itistoday2 4263 days ago
Yep. Note also that DANE (as they mention) currently depends on the full-blown DNSSEC stack to be useful. However, the full-blown DNSSEC stack suffers from many technical and design-related problems:

http://www.thoughtcrime.org/blog/ssl-and-the-future-of-authe...

http://ianix.com/pub/dnssec-outages.html

Disclaimer: I work on DNSChain, a blockchain-based alternative to DNSSEC & X.509. Note that DNSChain does support blockchain-authenticated DANE TLSA records. In the future, DNSSEC's SIG record may be used to provide MITM-proof verification of the validity of that TLSA record for DNS-based apps.