-
-
Replying to @bascule
@bascule@4Dgifts@matthew_d_green@bleidl And people think I’m an NSA apologist. HEADDESK.1 reply 0 retweets 0 likes -
Replying to @tqbf
@tqbf@4Dgifts@matthew_d_green@bleidl I hate DNSSEC and all but it is really starting to feel like the lesser of all evils2 replies 0 retweets 0 likes -
Replying to @4Dgifts
@4Dgifts@tqbf@matthew_d_green@bleidl the X.509 PKI is worse1 reply 0 retweets 0 likes -
Replying to @bascule
@bascule@4Dgifts@matthew_d_green@bleidl Are you sure about that? Or do you just not like ASN.1?4 replies 0 retweets 0 likes -
Replying to @tqbf
@tqbf@4Dgifts@matthew_d_green@bleidl X.509 gives us a system where any CA in your truststore can pretend to be http://google.com1 reply 0 retweets 0 likes -
Replying to @bascule
@bascule@4Dgifts@matthew_d_green@bleidl That’s not X.509! That’s the browser CA configuration of X.509.1 reply 0 retweets 0 likes -
Replying to @tqbf
@tqbf@4Dgifts@matthew_d_green@bleidl sure, X.509 name constraints exist. They just don’t work1 reply 0 retweets 0 likes -
Replying to @bascule
@bascule@4Dgifts@matthew_d_green@bleidl My point isn’t that X509 is great, it’s: do you know all the emergent properties of DNSSEC?2 replies 0 retweets 0 likes
@tqbf @4Dgifts @matthew_d_green @bleidl DNSSEC puts the powers of authenticating names in the same hands as the registrars. Seems OK?
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.