It's irritating (to say the least) that we have a distributed information service (DNS) that so botched its security implementation that logical things like storing public keys now require a web server, running http (!) and allowing a GET on /.well-known/blah
Is there no alternatives to DNSSEC that would have allowed the equivalent of DANE to be provided somehow?
It's irritating (to say the least) that we have a distributed information service (DNS) that so botched its security implementation that logical things like storing public keys now require a web server, running http (!) and allowing a GET on /.well-known/blah
Is there no alternatives to DNSSEC that would have allowed the equivalent of DANE to be provided somehow?