Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] DNSSEC to the rescue. Was: Snakeoil and suspicious encryption services

Guido Witmond guido at witmond.nl
Tue Jul 22 11:12:13 PDT 2014


On 07/22/14 13:47, Aymeric Vitte wrote:

> I am thinking about these issues since quite some time, unfortunately I
> reached the conclusion that you can not secure the code loading.

A humble suggestion:

With https, a self signed server certificate, a DANE record of that
certificate in DNSSEC and a browser plugin (extended DNSSEC/DANE
validator of cz.nic) that validates the DANE record would make code
loading from the original site secure against a MitM.

That way you could host all your javascript at the site. (but not at the
CDN).


Now the question becomes: Do the users find a reason to trust peersm
with their business. Users are still vulnerable to a NSL delivered at
peersm.

with regards, Guido Witmond.




More information about the liberationtech mailing list