Project

General

Profile

Actions

Enhancement #273

closed

DNS-secured CERTs using TLSA

Added by Marc Dequènes almost 13 years ago. Updated over 9 years ago.

Status:
Resolved
Priority:
Normal
Category:
Service :: IS / AAA / PKI
Start date:
2012-01-14
Due date:
% Done:

100%

Estimated time:
Patch Available:
No
Confirmed:
No
Branch:
Entity:
DuckCorp
Security:
Yes
Help Needed:
No

Description

Current CA model is flawed, and we cannot trust any CA if they are not maintained by people we know. It is a major problem to be able to work we third party websites.

The DANE projet aims at using DNSSEC to securely propagate secure data association, like vhost <-> CERT, so we should follow the progress of its specification and test emerging implementations. When it is ready enough, we should then ask software implementors to use this new technology. Drafts can be found here:
http://datatracker.ietf.org/wg/dane/


Related issues 1 (0 open1 closed)

Related to DuckCorp Infrastructure - Enhancement #274: Experiment a Diaspora nodeRejected2012-01-14

Actions
Actions

Also available in: Atom PDF