TLSA entry for the websites

mail-in-a-box / mailinabox

Mail-in-a-Box helps individuals take back control of their email by defining a one-click, easy-to-deploy SMTP+everything else server: a mail server in a box.

https://mailinabox.email/

Creative Commons Zero v1.0 Universal

13.99k stars 1.44k forks source link

TLSA entry for the websites #428

Closed TabTwo closed 9 years ago

TabTwo commented 9 years ago

How about adding a TLSA entry for every website?

JoshData commented 9 years ago

What would that do?

dhpiggott commented 9 years ago

Would it allow TLSA capable clients to detect if a MITM had occurred even if the MITMer had obtained a CA's key and created an otherwise valid cert for their proxying purposes?

JoshData commented 9 years ago

There are a lot of if's there!

dhpiggott commented 9 years ago

I didn't say I thought it would be advantageous to most use cases :)

Are there any cases where it could be problematic?

JoshData commented 9 years ago

No, for the same reason there are no actual cases where it would be useful. :)

JoshData commented 9 years ago

@TabTwo: If you have a use case that I'm missing let me know, otherwise I will close this issue.