On Oct 19, 2012, at 9:54 AM, Ben Laurie wrote: > On 16 October 2012 15:48, Phillip Hallam-Baker <[email protected]> wrote: >> I think that is a rather naive assessment. >> >> Most of us do not want to be dependent on a single root of trust that is >> ultimately under the physical control of VeriSign and the legal control of >> ICANN, a body whose insistence that it is above criticism should be deeply >> troubling. Attempts to concentrate trust in one place have invariably proved >> to be unstable. >> >> DLV is not the solution but it may be a useful contribution to a solution. > > How about a solution that doesn't require you to trust anyone - namely > Certificate Transparency?
Let's not be hyperbolic here. You still have to trust the whitelist/log operator, since he can DoS by not including certificates in his log. But this is drifting pretty far off-topic... --Richard >> >> >> >> >> On Mon, Oct 15, 2012 at 11:56 AM, Paul Wouters <[email protected]> wrote: >>> >>> On Sun, 14 Oct 2012, Ryan Sleevi wrote: >>> >>>> For DANE, presumably solutions would use some form of DNSSEC rewriting, >>>> with DLV >>> >>> >>> That's not the purpose of DLV. DLV is going to die sooner rather then >>> later, >>> and no infrastructure should be build up to use it for such purpose. >>> >>> I hope the operator of the DLV registry will confirm this in strong terms. >>> >>> Paul >>> >>> _______________________________________________ >>> dane mailing list >>> [email protected] >>> https://www.ietf.org/mailman/listinfo/dane >> >> >> >> >> -- >> Website: http://hallambaker.com/ >> >> >> _______________________________________________ >> dane mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/dane >> > _______________________________________________ > dane mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dane _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
