Pretty sure that what he's referring to is called DANE. It lets a domain holder assert a certificate or key pair, using DNSSEC to bind it to the domain instead of PKIX (or in addition to PKIX).
https://tools.ietf.org/html/rfc6698 On Sep 21, 2014, at 8:01 AM, Anne van Kesteren <[email protected]> wrote: > On Sun, Sep 21, 2014 at 1:14 PM, Aryeh Gregor <[email protected]> wrote: >> What happened to serving certs over DNSSEC? If browsers supported >> that well, it seems it has enough deployment on TLDs and registrars to >> be usable to a large fraction of sites. > > DNSSEC does not help with authentication of domains and establishing a > secure communication channel as far as I know. Is there a particular > proposal you are referring to? > > > -- > https://annevankesteren.nl/ > _______________________________________________ > dev-platform mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-platform _______________________________________________ dev-platform mailing list [email protected] https://lists.mozilla.org/listinfo/dev-platform
