[atlas] SSL Certificates for ripe anchors
- Previous message (by thread): [atlas] SSL Certificates for ripe anchors
- Next message (by thread): [atlas] SSL Certificates for ripe anchors
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Sander Steffann
sander at steffann.nl
Fri Aug 30 16:36:29 CEST 2019
Hi, > Hold your horses, self-signed cert with proper TLSA records in > DNSSEC-signed domain is even better, see > https://tools.ietf.org/html/rfc6698 . > > Besides other things correctly configured TLSA record + client side > validation prevents rogue or compromised CAs from issuing "fake but > accepted as valid" certs. > > So I would say RIPE NCC is attempting to do security it in the most > modern way available. Yep. I wish the use of TLSA was more wide spread. It doesn't require third parties to "certify" who is who. Cheers, Sander -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: Message signed with OpenPGP URL: <https://lists.ripe.net/ripe/mail/archives/ripe-atlas/attachments/20190830/e4ee16c0/attachment.sig>
- Previous message (by thread): [atlas] SSL Certificates for ripe anchors
- Next message (by thread): [atlas] SSL Certificates for ripe anchors
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]