>>>So in practice, I _have_ to use a CA that is built into all major browsers.
>>You're assuming a lot here. Perhaps TLS is broken for all the uses you're
>>interested in - that doesn't mean it's broken for everyone else's uses.
@Jean-Paul: Granted .. good catch.
My interest is the Web/browser
On 10/07/2013 08:51 AM, Tobias Oberstein wrote:
I did some further looking around: turns out there is TLS-PGP
http://tools.ietf.org/html/rfc6091
Does someone know whether OpenSSL supports that?
There are *lots* of TLS extensions that eliminate or obviate the need
for the (horrible) PKIX tr
On 10/07/2013 09:50 AM, Phil Mayers wrote:
Right now, none are useful in a browser, but personally I have high
hopes for raw keys, trust-anchored by DNSSEC via RFC 6698. In this
model, X.509 is essentially just a payload format for certs
Sorry, "payload format for keys".
DNSSEC solves none of the problems with the CA system. It just moves the
problem around.
> On Oct 7, 2013, at 4:50 AM, Phil Mayers wrote:
>
> I have high hopes for raw keys, trust-anchored by DNSSEC via RFC 6698. In
> this model, X.509 is essentially just a payload format for certs - the enti
> There are *lots* of TLS extensions that eliminate or obviate the need for the
> (horrible) PKIX trust model as deployed. For example, TLS PSK, TLS-SRP, the
> PGP method you've found, and others.
Sure .. however as far as I understand the IETF has only 2 _cert_ schemes
sanctioned:
x509 and OpenP
On 07/10/13 11:56, Donald Stufft wrote:
DNSSEC solves none of the problems with the CA system. It just moves
the problem around.
Disagree.
However - there are other, better forums to have this argument in (and
to be frank, I've no interest in having it at all) so I won't respond
further.
I
On 07/10/13 12:35, Tobias Oberstein wrote:
DNSSEC seems to follow a centralized/hierarchical trust model. Won't
help. The NSA will (does?) own those.
The default trust model is to have parent sign the child. Other models
are not only possible, they're deployed. Google "DLV" and "trust anchor".
On Oct 6, 2013, at 4:11 AM, Tobias Oberstein
wrote:
>>> If above sounds OT for this list, in one way probably, but when looking from
>>> the angle: competitive advantage of Python/Twisted and opportunities for
>>> expanding the community and actively promoting Twisted, I'd say it's on
>>> topic
> > E.g., as a start, we could have a dedicated page on the Twistedmatrix
> > Web site "Twisted for Things" for intro and collecting links, articles
> > etc
>
> Fun fact: the very first class in the very first thing that would eventually
> become Twisted was called "Thing". ;-)
What a prevision;
On Oct 7, 2013, at 6:13 AM, Phil Mayers wrote:
> On 07/10/13 11:56, Donald Stufft wrote:
>> DNSSEC solves none of the problems with the CA system. It just moves
>> the problem around.
>
> Disagree.
>
> However - there are other, better forums to have this argument in (and to be
> frank, I've
On 07/10/2013 18:58, Glyph wrote:
If you have a disagreement, please say /what the disagreement is/ (not
just "disagree") and then link to resources instead of abstractly
claiming people may find them themselves somehow. You don't have to get
into a big back-and-forth, but I believe DNSSEC impl
Crochet is an MIT-licensed library that makes it easier for blocking or
threaded applications like Flask or Django to use the Twisted networking
framework. Crochet provides the following features:
* Runs Twisted's reactor in a thread it manages.
* The reactor shuts down automatically when the