CT-for-PKIX helps a web site administrator determine if a trusted CA ever issued a certificate that should not have been issued.
CT-for-DNSSEC helps a DNS zone administrator determine whether a DNS server in the hierarchy above the leaf zone ever included a DS record that should not have been included. It would be good to have agreement on the above; feel free to offer changes and see if the authors agree. Then we can talk about the relationship between the two. --Paul Hoffman _______________________________________________ therightkey mailing list [email protected] https://www.ietf.org/mailman/listinfo/therightkey
