Hlavní navigace

Názor ke zprávičce Vývojová verze Firefoxu chce HTTPS na stránkách s přihlášením od ttt - Nedalo mi to a hledal jsem, podle https://www.imperialviolet.org/...

  • Aktualita je stará, nové názory již nelze přidávat.
  • 23. 10. 2015 17:33

    ttt (neregistrovaný)

    Nedalo mi to a hledal jsem, podle https://www.imperialviolet.org/ (chrome) je problém v RSA 1024 a Certificate transparency (Jan 2015). U mozilly jsem nějaké vyjádření nenašel, leží to tam ladem https://bugzilla.mozilla.org/show_bug.cgi?id=672239.

    [quote]
    Indeed, Chrome even supported something very like DANE for a while. In that case the DNSSEC records were contained in the certificate to avoid the latency and complexity of looking them up in the client. (DNSSEC records contains signatures so need not be transported over the DNS protocol.)

    But support for that was removed because it was a bunch of parsing code outside of the sandbox, wasn't really being used and it conflicted with two long-term plans for the health of the HTTPS ecosystem: eliminating 1024-bit RSA and Certificate Transparency. The conflicts are probably the most important reasons for not wanting to renew the experiment.
    [/quote]