On 10/07/2013 08:51 AM, Tobias Oberstein wrote:
I did some further looking around: turns out there is TLS-PGP
http://tools.ietf.org/html/rfc6091
Does someone know whether OpenSSL supports that?
There are *lots* of TLS extensions that eliminate or obviate the need
for the (horrible) PKIX trust model as deployed. For example, TLS PSK,
TLS-SRP, the PGP method you've found, and others.
Right now, none are useful in a browser, but personally I have high
hopes for raw keys, trust-anchored by DNSSEC via RFC 6698. In this
model, X.509 is essentially just a payload format for certs - the entire
trust model is unused.
[Sidenote: if not, one more reason why a pure Python TLS
Such as tlslite?
_______________________________________________
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
