On 11/14/2012 05:02 PM, Tony Finch wrote: > Ben Laurie <[email protected]> wrote: > >> At the CT BoF the question was raised: what about DANE? >> >> Which is a good question. So, I think Google is prepared to >> contemplate running a CT log for DANE, but this leaves some >> questions... > What problem would CT for DANE be aiming to fix? > > Tony. You're sending a chain to the log server for CT. The chain must be rooted at something that is reasonably widely trusted (to avoid spamming). For DANE, that means extending the chain through DNSSEC up to the DNS root.
my 5c _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
