On 14 November 2012 11:30, Paul Wouters <[email protected]> wrote: > I think CT is a bandaid for PKIX that does not apply to DANE. >
Perhaps not DANE - but DNSSEC. PKIX allows N CAs to issue unlimited trusted certs for your domain. DNSSEC allows 1 TLD to issue unlimited trusted signing keys for your domain. Maybe it's the KSK that should go into a log? -tom
_______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
