On 19 October 2012 15:07, Richard Barnes <[email protected]> wrote: > > On Oct 19, 2012, at 9:54 AM, Ben Laurie wrote: > >> On 16 October 2012 15:48, Phillip Hallam-Baker <[email protected]> wrote: >>> I think that is a rather naive assessment. >>> >>> Most of us do not want to be dependent on a single root of trust that is >>> ultimately under the physical control of VeriSign and the legal control of >>> ICANN, a body whose insistence that it is above criticism should be deeply >>> troubling. Attempts to concentrate trust in one place have invariably proved >>> to be unstable. >>> >>> DLV is not the solution but it may be a useful contribution to a solution. >> >> How about a solution that doesn't require you to trust anyone - namely >> Certificate Transparency? > > Let's not be hyperbolic here. You still have to trust the whitelist/log > operator, since he can DoS by not including certificates in his log.
I guess it would not be hard to prove that the log is doing that - the whole point of CT being that misbehaviour can always be demonstrated. > But this is drifting pretty far off-topic... Well, DANE is about improving TLS, and so is CT :-) > > --Richard > > > > >>> >>> >>> >>> >>> On Mon, Oct 15, 2012 at 11:56 AM, Paul Wouters <[email protected]> wrote: >>>> >>>> On Sun, 14 Oct 2012, Ryan Sleevi wrote: >>>> >>>>> For DANE, presumably solutions would use some form of DNSSEC rewriting, >>>>> with DLV >>>> >>>> >>>> That's not the purpose of DLV. DLV is going to die sooner rather then >>>> later, >>>> and no infrastructure should be build up to use it for such purpose. >>>> >>>> I hope the operator of the DLV registry will confirm this in strong terms. >>>> >>>> Paul >>>> >>>> _______________________________________________ >>>> dane mailing list >>>> [email protected] >>>> https://www.ietf.org/mailman/listinfo/dane >>> >>> >>> >>> >>> -- >>> Website: http://hallambaker.com/ >>> >>> >>> _______________________________________________ >>> dane mailing list >>> [email protected] >>> https://www.ietf.org/mailman/listinfo/dane >>> >> _______________________________________________ >> dane mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/dane > _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
