[Operators] SSL trust in XMPP world

Peter Viskup skupko.sk at gmail.com
Fri Sep 4 08:15:28 UTC 2015


Quite old, but still interesting video from DefCon19 about CAs, DNSSEC and
that Convergence project as one of the possible solutions.

https://www.youtube.com/watch?v=pDmj_xe7EIQ

On Thu, Sep 3, 2015 at 8:59 PM, Kim Alvefur <zash at zash.se> wrote:

> On 2015-09-03 20:31, Evgeny Khramtsov wrote:
> > Thu, 3 Sep 2015 20:25:27 +0200
> > Kim Alvefur <zash at zash.se> wrote:
> >
> >> But seriously, DANE works already¹, why haven't you deployed it
> >> yet? :)
> >
> > That's not true. In some national domains there is no dnssec support.
> > So DANE works in some countries only.
> >
>
> Note the smiley. Just because there isn't 100% deployment yet, doesn't
> mean that it does not work today.  I had to switch registrar, self-host
> my authoritative DNS server and write a bunch of tooling to deploy DANE.
> So
>
> On 2015-09-03 19:25, Andreas Tauscher wrote:
> > And since it is DNS based it would be
> > easy to implement.
>
> not so much.  But it's getting easier.  And you can set it up today if
> you are careful with your choice of TLD, registrar and dns hosting.  And
> there will still be CA-issued certificates around for a long time, so
> any alternative is likely to be used in parallel where possible and
> deployed.
>
> --
> Kim "Zash" Alvefur
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/operators/attachments/20150904/cf9a1c0f/attachment.html>


More information about the Operators mailing list