Re: [saag] Last Call: <draft-dukhovni-opportunistic-security-01.txt> (Opportunistic Security: some protection most of the time) to Informational RFC

2014-08-06 00:16:19

On 6 aug 2014, at 04:26, Dave Crocker <dhc(_at_)dcrocker(_dot_)net> wrote:

> Use DANE without DNSSec, and calling it opportunistic probably makes
> sense.  Using it with DNSSec and it doesn't.

The devil is in the details. I think we disagree on the meaning of the word 
"opportunistic", and the evaluation of whether you are lucky enough.

Personally, I think that, as fragile as the current CA system is, DANE 
without DNSSEC is more stable and better than the current CA system. And better 
than self-signed certs that one "just accepts" (which happens quite a lot).

   Patrik
