Home page logo

nanog logo nanog mailing list archives

Re: Security team successfully cracks SSL using 200 PS3's and MD5
From: Joe Abley <jabley () hopcount ca>
Date: Mon, 5 Jan 2009 15:39:37 -0500

On 2009-01-05, at 15:18, Jason Uhlenkott wrote:

If we had DNSSEC, we could do away with SSL CAs entirely.  The owner
of each domain or host could publish a self-signed cert in a TXT RR,

... or even in a CERT RR, as I heard various clever people talking about in some virtual hallway the other day. <http://www.isi.edu/in-notes/rfc2538.txt >.

and the DNS chain of trust would be the only form of validation needed.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]