Hello, пт, 9 нояб. 2018 г., 7:03 Ryan Carboni rya...@gmail.com:
> I think I have implied that ClientHello is unneccesary to an extent, it > can be replaced by a DNS TXT record. > > I think I implied that self-signed certificates are acceptable given the > precedent of Let’s Encrypt and the use of DNSSEC (has there been evidence > of DNS spoofing attacks against a CA?). > Sure. At least this proof-of-concept one. https://blog.powerdns.com/2018/09/10/spoofing-dns-with-fragments/
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
