On 16 November 2012 19:06, Paul Hoffman <[email protected]> wrote: > On Nov 16, 2012, at 3:23 AM, Ben Laurie <[email protected]> wrote: > >> As for CT vs DANE, it is precisely because DNS does not provide a >> robust infrastructure that DANE cannot be allowed to override CT. This >> can be fixed by making DANE use some kind of equivalently strong >> transparency. I agree with others that this is probably better applied >> to DS records than to TLSA records. > > Proposal: we take this off the DANE list and keep it on therightkey list, > focused on DS instead of DANE. That is, a rogue zone with additional / > substitute DS records might affect more than DANE in the future.
+1 > > --Paul Hoffman _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
