"DNSSEC sounds super!" -Someone who's never actually deployed DNSSEC
-
-
Replying to @hotelzululima
@bascule of sysadmins with infrastructure that was weak as kittens but1 reply 0 retweets 0 likes -
Replying to @hotelzululima
@bascule admins were forced to accept/rust by fiat against their will/knowledge/better judgement. Fortunately SUNLABS opened sourced their1 reply 0 retweets 0 likes -
Replying to @hotelzululima
@bascule CA sources first to allow others knowledge of how to build such a function.. didnt matter.. CA system was BROKEN by design!2 replies 0 retweets 0 likes -
Replying to @hotelzululima
@bascule same as DNSSEC & for the same reasons. MITM certs, lack of cert pinning in the browser. lack of CRL fetches etc & sources 4 same2 replies 0 retweets 0 likes -
Replying to @hotelzululima
@bascule basically one rogue CA can shit in the pool..1 reply 0 retweets 0 likes
Replying to @hotelzululima
@hotelzululima needs more HPKP and name constraints
6:54 PM - 10 Mar 2015
0 replies
0 retweets
0 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.