[Cryptech Tech] Some problems with the repo access
Jakob Schlyter
jakob at kirei.se
Fri Feb 14 14:52:43 UTC 2014
On 14 feb 2014, at 15:47, Rob Austein <sra at hactrn.net> wrote:
> Well, the question is really to Jakob, as author of the specification
> in question and more clueful than I about how it really works.
>
> Would it suffice to add:
>
> _443._tcp.cryptech.is. IN CNAME ca.hactrn.net.
In theory, yes. If cryptech.is actually sends the CA certificate in the TLS handshake, I believe it does, I would go for a SHA-256 of the CA public key (2 1 1) in order to keep the DNS response packet size sane.
jakob
More information about the Tech
mailing list