Trust model for addresses and certificates (DANE etc..)

solderpunk solderpunk at SDF.ORG
Fri May 29 15:53:32 BST 2020


On Fri, May 29, 2020 at 04:29:46AM -0400, southerntofu at thunix.net wrote:
> Hey,

Hey!

I'm too bummed out over this data:// URL nonsense to give a detailed
response to this right now, but let me quickly say:  I am a big fan of
DANE, and I'm aware of and unhappy about the sad state of affairs which
is DNS security.  I'm very reluctant to spec any of it because the
implementation burden is *heavy*, but I have big plans to stick all
kinds of stuff into AV-98 in the future to reduce the risk associated
with the initial TOFU acceptance.  This includes looking for DANE
records (ideally over DNScrypt, so that even in the absence of DNSSEC
there is *some* extra security - and, yes, I realise that DNScrypt and
DNSSEC provide very different kinds of security) and also various ideas
riffing on the old Perspectives project.  Hell, I'm even curious about
DNS-over-Gemini.  I'll write about all this in due time.

Cheers,
Solderpunk

