On Thu, Oct 29, 2015 at 10:02 PM, Tony Arcieri <[email protected]> wrote:
> While DNSSEC could provide a security improvement for this use case, I > wonder how much overlap there is with the prospective audience of Let's > Encrypt and people who have DNSSEC deployed today... > Since the target audience is the CA, rather than subscribers, you could get meaningful security improvements even without widespread populist adoption. The CA would need to validate it, and the DNS providers of the subscribers would need to support it. While some subscribers may operate their own DNS, many will use common third party services. While many third-party DNS providers do not support DNSSEC, there are some who do[1][2], and perhaps some who could be incentivized to add it if they knew there was meaningful CA use and validation of the records. -- Eric [1] https://blog.cloudflare.com/dnssec-is-open-for-beta/ [2] http://www.gandi.net/domain/dnssec > > _______________________________________________ > Acme mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/acme > > -- konklone.com | @konklone <https://twitter.com/konklone>
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
