On 29 November 2017 at 22:33, Paul Wouters <p...@nohats.ca> wrote: > > > > On Nov 29, 2017, at 17:00, Ben Laurie via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > > > > This whole conversation makes me wonder if CAA Transparency should be a > > thing. > > That is a very hard problem, especially for non-DNSSEC signed ones. >
Presumably only for non-DNSSEC, actually? For DNSSEC, you have a clear chain of responsibility for keys, and that is relatively easy to build on. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy