@bascule @taoeffect couldn't that be done with zero CA:s on board? domain owners and clients could submit.
@cryptostorm_is @taoeffect in other news locks are pickable, but you still probably have them on your doors
-
-
@bascule@cryptostorm_is If X.509/CT were the best we could do, that *might* be an acceptable thing to say. -
@taoeffect@cryptostorm_is it’s what the entire ecosystem is based on. Good luck replacing it from scratch -
@bascule@taoeffect - ironically, there's some obvious macaroon-esque complexity minimisations just crying out to be done in this space... -
@cryptostorm_is@taoeffect you mean like X.509 name constraints? -
@bascule@taoeffect - except something that works? Sorta like that. ;-) -
@cryptostorm_is@taoeffect it would be nice if the browser vendors mandated all CAs include name contraints on their roots - End of conversation
New conversation -
-
-
@bascule@taoeffect - agreed! But: do you copy your master keys to the neighbourhood thug, as fallback for being locked out? Perhaps not...Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.