[Cryptech Tech] Some problems with the repo access
Rob Austein
sra at hactrn.net
Sat Feb 15 15:55:46 UTC 2014
At Sat, 15 Feb 2014 09:47:37 +0100, Jakob Schlyter wrote:
>
> http://people.redhat.com/pwouters/hash-slinger/
> https://github.com/pieterlexis/swede
Thanks.
> ps. I recommend TLSA 3 1 1, publishing a SHA-256 of the public key
> of the EE cert. Yes, you need to update the DNS if/when you roll
> your keys, but then you can use the same mechanisms independent of
> your CA and certificate renwewal. And your are independent of the
> full PKIX path validation.
This assumes that one considers being independent of the full PKIX
path validation to be a feature. I'm not convinced.
More information about the Tech
mailing list