• vortex
    link
    fedilink
    arrow-up
    2
    ·
    2 days ago

    much prefer a solution that incorporates DNS TLSA resource records, rather than browser root certificate stores. That’s DANE, mm-ok? ;)

    • vortex
      link
      fedilink
      arrow-up
      2
      ·
      2 days ago

      But regretfully, Peter Eckersley ex Chief Scientist at EFF seemed too invested in browsers being the ultimate hard-wired authority of trust on behalf of browser users when it came to root certificate stores. Not even considering initiatives such as CA-Cert.