On Nov 16, 2012, at 3:23 AM, Ben Laurie <[email protected]> wrote: > As for CT vs DANE, it is precisely because DNS does not provide a > robust infrastructure that DANE cannot be allowed to override CT. This > can be fixed by making DANE use some kind of equivalently strong > transparency. I agree with others that this is probably better applied > to DS records than to TLSA records.
Proposal: we take this off the DANE list and keep it on therightkey list, focused on DS instead of DANE. That is, a rogue zone with additional / substitute DS records might affect more than DANE in the future. --Paul Hoffman _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
