On Mon, 12 Sep 2011 12:12:08 +0200 Martin Millnert <milln...@gmail.com> wrote:
> Mike, > > On Sun, Sep 11, 2011 at 8:44 PM, Mike Jones <m...@mikejones.in> wrote: > > It will take a while to get updated browsers rolled out to enough > > users for it do be practical to start using DNS based self-signed > > certificated instead of CA-Signed certificates, so why don't any > > browsers have support yet? are any of them working on it? > > Chrome v 14 works with DNS stapled certificates, sort of a hack. ( > http://www.imperialviolet.org/2011/06/16/dnssecchrome.html ) > > There are other proposals/ideas out there, completely different to > DANE / DNSSEC, like http://perspectives-project.org/ / > http://convergence.io/ . I.e. instead of a set of trusted CAs there will be one distributed net of servers, that act as a cert storage? I do not see how that could help... Well, I do not even see how can one trust any certificate that is issued by commercial organization. -- With best regards, Gregory Edigarov
