Author: solar 2011-12-19 17:13:14
Published on: 2011-12-19T17:13:14+00:00
The context discusses the use of commercial CAs to establish trust and suggests alternative methods for establishing trust in site policies. The writer proposes that parties generate their own self-signed or CA certificates to ensure trusted connections, rather than relying on commercial CAs that sell certificates to anyone. DNSSEC is suggested as a reliable way to retrieve certificates for first contact exchanges if the site supports it. However, this method is not a requirement for either side to support alias resolution. HTTPS and x.509 certs are said to allow many automatic trust establishment systems to be implemented on top, thereby allowing flexible policy configuration. The use of JSON is discussed but considered inefficient since binary data needs to be serialized into a text format like base64/UUencode or represented as an integer array. Establishing trust is deemed an administrative issue with various solutions, and not every site or application requires trust. Finally, HTTP is noted to work well if trust is established another way, making SSL/TLS not a requirement for HTTP exchange.
Updated on: 2023-06-04T21:51:36.927538+00:00