Herman: Shipping Rust in Firefox
Herman: Shipping Rust in Firefox
Posted Jul 14, 2016 19:43 UTC (Thu) by farnz (subscriber, #17727)In reply to: Herman: Shipping Rust in Firefox by Cyberax
Parent article: Herman: Shipping Rust in Firefox
True, but that implies that I'm paranoid enough to do that and keep updating the local copies when the TLD keys change (with appropriate verification).
The thing about automatic caching is that it's transparent to me, and it's a useful performance optimization (so I'd expect OSes to do a degree of it behind my back). If the NSA doesn't take it into account, they risk being unmasked by their own bad opsec.
Posted Jul 14, 2016 20:01 UTC (Thu)
by Cyberax (✭ supporter ✭, #52523)
[Link]
Posted Jul 14, 2016 21:59 UTC (Thu)
by Wol (subscriber, #4433)
[Link]
But isn't that fairly easy? You pull down a set of "known good" TLD keys, and the system triggers an alert when they change, telling you to re-get the keys. Bit of a pain when they change unexpectedly, but the point is, not that it's secure or not, but that YOU ARE NOTIFIED when something changes.
Cheers,
Herman: Shipping Rust in Firefox
It's not too terribly complicated to package such keys in Fedora/Debian/... or provide a public service accessible over the Internet/TOR/...
Herman: Shipping Rust in Firefox
Wol