[Twisted-Python] AutobahnPython 0.6.3 - WebSocket compression and more
Tobias Oberstein
tobias.oberstein at tavendo.de
Mon Oct 7 05:35:14 MDT 2013
> There are *lots* of TLS extensions that eliminate or obviate the need for the
> (horrible) PKIX trust model as deployed. For example, TLS PSK, TLS-SRP, the
> PGP method you've found, and others.
Sure .. however as far as I understand the IETF has only 2 _cert_ schemes sanctioned:
x509 and OpenPGP, and of those only OpenPGP has a decentralized trust model.
>
> Right now, none are useful in a browser, but personally I have high hopes for
Which is the main roadblocker to adoption .. right.
> raw keys, trust-anchored by DNSSEC via RFC 6698. In this model, X.509 is
> essentially just a payload format for certs - the entire trust model is unused.
DNSSEC seems to follow a centralized/hierarchical trust model. Won't help. The NSA will (does?) own those.
> > [Sidenote: if not, one more reason why a pure Python TLS
>
> Such as tlslite?
That could be a good start: it would take a community effort to scrutinize, security review and
robustify for production.
The monoculture of OpenSSL is no good IMHO.
/Tobias