Author: Andy Parkins 2011-12-16 17:21:11
Published on: 2011-12-16T17:21:11+00:00
In a discussion on December 16, 2011, Rick Wesson suggested that any URI scheme would still use DNS and inherit any base issues present in TXT records. He recommended looking into DANE and reviewing their work on hardening certificate (x.509) infrastructure to address the centralization of HTTPS and the risk associated with CAs being compromised. However, trust is essential for communication, and CAs are all that we have until PGP support is integrated into browsers. The concern about CAs overlooks the issue of how A tells B the appropriate alias to use for a lookup, which also requires a secure channel. Ultimately, HTTPS or an equivalent system requiring a previously authorized secure channel for transfer of trust is acceptable.
Updated on: 2023-06-04T21:57:14.361332+00:00