At the CT BoF the question was raised: what about DANE? Which is a good question. So, I think Google is prepared to contemplate running a CT log for DANE, but this leaves some questions...

a) What would we log? DNSSEC keys as well as certs? Only DNSSEC keys? Something else?

b) How do we prevent the log getting spammed out of existence as soon as it becomes useful?

c) When someone observes badness in the log, what do they do about it?

I do not intend to drive the answers to these questions, but if someone supplies them I will certainly consider running a DANE log.

_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
