+1. Paul is right here; the big value in CT is probably applying it as a reinforcement against people screwing with the DS records or to ensure that DLV-type schemes are not being futzed with.

On Fri, Nov 16, 2012 at 2:06 PM, Paul Hoffman <[email protected]> wrote:

> On Nov 16, 2012, at 3:23 AM, Ben Laurie <[email protected]> wrote:
>
> > As for CT vs DANE, it is precisely because DNS does not provide a
> > robust infrastructure that DANE cannot be allowed to override CT. This
> > can be fixed by making DANE use some kind of equivalently strong
> > transparency. I agree with others that this is probably better applied
> > to DS records than to TLSA records.
>
> Proposal: we take this off the DANE list and keep it on therightkey list,
> focused on DS instead of DANE. That is, a rogue zone with additional /
> substitute DS records might affect more than DANE in the future.
>
> --Paul Hoffman
> _______________________________________________
> therightkey mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/therightkey

--
Website: http://hallambaker.com/
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
