[Twisted-Python] AutobahnPython 0.6.3 - WebSocket compression and more
Phil Mayers
p.mayers at imperial.ac.uk
Mon Oct 7 07:19:43 MDT 2013
On 07/10/13 12:35, Tobias Oberstein wrote:
> DNSSEC seems to follow a centralized/hierachical trust model. Won't
> help. The NSA will (does?) own those.
The default trust model is to have parent sign the child. Other models
are not only possible, they're deployed. Google "DLV" and "trust anchor".
As to whether "the NSA" has the root keys; given recent revelations I
rule nothing out. But if this is a concern, I would urge you to
investigate and get involved in the root key generation and rollover
procedures - there is a rollover coming soon, and more eyes make
subversion less likely.
> That could be a good start: it would take a community effort to
> scrutinize, security review and robustify for production.
>
> The monoculture of OpenSSL is no good IMHO.
I agree, but there are other options - gnutls, NSS - which have received
this scrutiny, if you want to move away from OpenSSL.
More information about the Twisted-Python
mailing list