@tqbf @4Dgifts @matthew_d_green @bleidl X.509 gives us a system where any CA in your truststore can pretend to be http://google.com
-
-
@bascule@4Dgifts@matthew_d_green@bleidl That’s not X.509! That’s the browser CA configuration of X.509. -
@tqbf@4Dgifts@matthew_d_green@bleidl sure, X.509 name constraints exist. They just don’t work -
@bascule@4Dgifts@matthew_d_green@bleidl My point isn’t that X509 is great, it’s: do you know all the emergent properties of DNSSEC? -
@tqbf@4Dgifts@matthew_d_green@bleidl not sure what you mean by that
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.