[Cryptech Tech] The cert for cryptech.is

Leif Johansson leifj at sunet.se
Sat Mar 29 16:48:53 UTC 2014




> 29 mar 2014 kl. 17:40 skrev "Rob Austein" <sra at hactrn.net>:
> 
> At Sat, 29 Mar 2014 16:57:29 +0900, Randy Bush wrote:
>> 
>>> its actually not self-signed but published as a TLSA-record.. right?
>> 
>> i believe so
> 
> That's the intent, but appears not to be the case at present:
> 
> - I see no evidence that the cryptech.is zone is signed
> 
> - Queries for (eg) _443._tcp_.cryptech.is return NXDOMAIN.
> 
> cryptech.is's SOA says the zone maintainer is hostmaster at mnt.se.
> Is that where I should whine about this?

consider the whine received :-)

however since tlsa-support is not likely to appear any time soon in browsers we are back to Joachims point: can we both sell cryptech and rage against the CAs at the same time or should we suck it up and buy the required bits?


> _______________________________________________
> Tech mailing list
> Tech at cryptech.is
> https://cryptech.is/mailman/listinfo/tech




More information about the Tech mailing list