Comment by Tepix

11 years ago

DANE is the way to go forward. Have your TLD CA sign your domain key and sign your web certificates with your own key.

Only one "root CA" to trust per TLD, and it's free if you own a TLD that supports DNSSEC (most do these days).

Now we just need the DANE check built into the browser without any plugins that require installation.
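An added example, not part of the comment above: a sketch of the check a DANE-aware client would perform, matching the server's key against TLSA records (RFC 6698) and refusing any answer that was not DNSSEC-validated. It is narrowed to usage 3 (DANE-EE) records; the byte strings, the `dnssec_validated` flag and all function names are assumptions made for illustration, and a real client would take the certificate and SubjectPublicKeyInfo DER from the TLS handshake and the validation status from its resolver.

```python
import hashlib
from typing import NamedTuple

class TLSA(NamedTuple):
    usage: int     # 0 PKIX-TA, 1 PKIX-EE, 2 DANE-TA, 3 DANE-EE
    selector: int  # 0 = full certificate, 1 = SubjectPublicKeyInfo
    mtype: int     # 0 = exact bytes, 1 = SHA-256, 2 = SHA-512
    data: bytes

def tlsa_owner(host: str, port: int = 443, proto: str = "tcp") -> str:
    """DNS name where the TLSA records for a service are published."""
    return f"_{port}._{proto}.{host.rstrip('.')}."

def parse_tlsa(rdata: str) -> TLSA:
    """Parse presentation format: 'usage selector mtype hex [hex ...]'."""
    usage, selector, mtype, *hexparts = rdata.split()
    return TLSA(int(usage), int(selector), int(mtype),
                bytes.fromhex("".join(hexparts)))

def record_matches(rec: TLSA, cert_der: bytes, spki_der: bytes) -> bool:
    """Compare one DANE-EE record with what the server presented."""
    if rec.usage != 3:          # trust-anchor usages need chain building,
        return False            # which this narrowed example leaves out
    selected = {0: cert_der, 1: spki_der}.get(rec.selector)
    if selected is None:
        return False
    if rec.mtype == 0:
        return selected == rec.data
    if rec.mtype == 1:
        return hashlib.sha256(selected).digest() == rec.data
    if rec.mtype == 2:
        return hashlib.sha512(selected).digest() == rec.data
    return False                # unknown matching type: unusable record

def dane_ok(rdatas, dnssec_validated: bool,
            cert_der: bytes, spki_der: bytes) -> bool:
    """True only if a DNSSEC-validated TLSA record matches the server."""
    if not dnssec_validated:    # unsigned TLSA data must never be trusted
        return False
    return any(record_matches(parse_tlsa(r), cert_der, spki_der)
               for r in rdatas)

# Constructed stand-ins for DER bytes, not a real certificate or key.
CERT_DER = b"constructed-certificate-der"
SPKI_DER = b"constructed-subject-public-key-info-der"
RECORDS = [f"3 1 1 {hashlib.sha256(SPKI_DER).hexdigest()}"]

if __name__ == "__main__":
    print(tlsa_owner("example.com"))
    print(dane_ok(RECORDS, True, CERT_DER, SPKI_DER))
```
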