Reply to post: Re: Not https as it is right now

Finally, Mozilla looks at moving away from 'insecure' HTTP. Maybe

Charles 9

Re: Not https as it is right now

"Self Signed plus DNSSEC plus a signature in DNS is enough to verify that the site is what it claims to be at least as far as DNS goes (which is good enough for 99% of cases.. it flags MITM and government/corporate snooping which is what we're interested in).. DANE solves the same problem."

What about government MITM using the actual key, which they can co-opt? They can flood a web of trust and spoof any lighthouse sites, too.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon