Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] DNSSEC to the rescue. Was: Snakeoil and suspicious encryption services

Guido Witmond guido at
Tue Jul 22 11:12:13 PDT 2014

On 07/22/14 13:47, Aymeric Vitte wrote:

> I am thinking about these issues since quite some time, unfortunately I
> reached the conclusion that you can not secure the code loading.

A humble suggestion:

With https, a self signed server certificate, a DANE record of that
certificate in DNSSEC and a browser plugin (extended DNSSEC/DANE
validator of cz.nic) that validates the DANE record would make code
loading from the original site secure against a MitM.

That way you could host all your javascript at the site. (but not at the

Now the question becomes: Do the users find a reason to trust peersm
with their business. Users are still vulnerable to a NSL delivered at

with regards, Guido Witmond.

More information about the liberationtech mailing list