It looks like some issues may arise if/when an instances domain name changes. Is there any way we can change federation so that we don’t need to rely on such a central point of failure?
It looks like some issues may arise if/when an instances domain name changes. Is there any way we can change federation so that we don’t need to rely on such a central point of failure?
Yeah, the weakness of SSL is basically the same as the weakness of DNS: that someone can remotely impersonate you or revoke your identity. But there is a major difference: DNS is designed so that your identity is taken away as part of the system: you can not ever declare your identity yourself, you have to rent it from an external entity controlled by corporate, government or both. Whereas in SSL if your identity is taken away for the most part it’s purely your fault (only you should be having your private keys).