Comment by kazen44
3 hours ago
its a shame DANE never took off. If we actually got around to running a trusted DNSSEC based DNS system and allowed clients to create certificates thanks to DANE, we would be in a far more resilient setup compared to what we are now.
But DNSSEC was hard according to some, and now we are running a massive SPOF in terms of TLS certificates.
No comments yet
Contribute on Hacker News ↗