[Cryptech Tech] The cert for cryptech.is
Leif Johansson
leifj at sunet.se
Sat Mar 29 16:48:53 UTC 2014
> 29 mar 2014 kl. 17:40 skrev "Rob Austein" <sra at hactrn.net>:
>
> At Sat, 29 Mar 2014 16:57:29 +0900, Randy Bush wrote:
>>
>>> its actually not self-signed but published as a TLSA-record.. right?
>>
>> i believe so
>
> That's the intent, but appears not to be the case at present:
>
> - I see no evidence that the cryptech.is zone is signed
>
> - Queries for (eg) _443._tcp_.cryptech.is return NXDOMAIN.
>
> cryptech.is's SOA says the zone maintainer is hostmaster at mnt.se.
> Is that where I should whine about this?
consider the whine received :-)
however since tlsa-support is not likely to appear any time soon in browsers we are back to Joachims point: can we both sell cryptech and rage against the CAs at the same time or should we suck it up and buy the required bits?
> _______________________________________________
> Tech mailing list
> Tech at cryptech.is
> https://cryptech.is/mailman/listinfo/tech
More information about the Tech
mailing list