
[Ach] opinions on

Aaron Zauner azet at
Tue Nov 25 16:20:13 CET 2014

Hi *,

L. Aaron Kaplan wrote:
> Hi *,
> A couple of days ago, I stumbled across  Somehow it highly reminded me of
> On the other hand, they seem to be going further by automating SSL certificate creation, CSR signing etc. while doing less work on the WoT part of

They also plan to integrate with certificate transparency, EFF's SSL
Observatory and - which is essential. I've included a short
mention in my DeepSec talk but have yet to look through the design spec
properly and maybe do a review. Not much time though. The most obvious
pro is (opportunistic) HTTPS for everyone.

> Did someone here look into in more detail and could you share your impressions?
> Could this be a version 2.0? Or an killer? [1]

My hope would be that it'll blow commercial CAs out of the water, but
that's probably not going to happen. Let's do a web-of-trust voodoo dance!

> My gut feeling tells me that DANE is probably a better tech.... but so was Betamax. 
> Curious about your feedback.

As with TACK I hear that some vital Google engineers don't like the DANE
trust/security model. I'm curious if it'll see real adoption. Their
reasoning so far has been that there are more "entry points" for an
attacker than with a central (and CT audited) trust system as with
certificate authorities. But I'm not them, just relaying what I've heard
and read from them on mailing lists and Twitter here.

