I'd love to hear a response from @trailofbits about this reported behavior in its new Algo VPN. If true, it strikes me as a deal breaker. https://twitter.com/FiloSottile/status/808355117011521537 …
-
-
Maybe we have two roots, one authing server to user, one authing user to server, latter no serverauth, former ephem?
-
All of this requires testing with clients. Not sure how things like iOS will react.
-
hmmm there are people who should actually be on this thread
@rmhrisk @randomoracle
-
But as you suggest, trust anchors can be different between client & server side…
-
And if server-side used LetsEncrypt, there's no need to add random root CA to all clients
-
LE should totally be used for the server if public name.
-
I don't want to depend on users setting up a DNS provider / name for themselves.
-
dyn or similar?