|
|
Subscribe / Log in / New account

Laurie: Improving SSL certificate security

Laurie: Improving SSL certificate security

Posted Apr 21, 2011 12:30 UTC (Thu) by robbe (guest, #16131)
In reply to: Laurie: Improving SSL certificate security by Lennie
Parent article: Laurie: Improving SSL certificate security

> - Almost no one has DNSSEC deployed right now, [...]

If you want a secured domain now, you can get it -- e.g. a .com from godaddy (there are certainly other possibilities). If DANE generates more demand, I am sure the laggards will catch up. This is not IPv6 where everybody waits on everybody else.

> - The hosting providers need to support it, [...]

You can move just DNS hosting to another provider.

> - Operating system providers need to implement it (resolver library should do/allow queries with the right bits set).

I think the browsers will get there first.

> - The browsers need to implement support for it.

I've seen Chrome and Firefox people on the DANE lists. A kludgy patch for NSS (firefox) exists.

> I'm all for it to be deployed, but I think it will take a few years.

My bet is that in less than two years we will have some browser doing SSL with additional cert-checking done via DNSSEC.

to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds