On Thu, May 22, 2014 at 1:48 PM, Stephen Kent <[email protected]> wrote: >> > That's a very confusing last phrase. >> >> I had no problem reading it. >> > a literal reading of it is as sarcasm. If that's PHB's intent, fine, but > I just wanted to verify that there was no typo.
I saw no sarcasm in it. >> In other words, your concern is about CT in general, not DNSSEC in >> particular. Sounds like a separable issue to me. But if CT makes sense then >> it makes sense for DNSSEC. >> > yes, my complaint about a lack of a doc describing CT architecture is not > specific to the CT for DNSSEC discussion. We agree. > CT may be appropriate for the Web PKI, w/o being a great idea for DNSSEC. I take it you concede that lack of name constraints isn't the only reason to want CT. I'll concede that CT for DNSSEC might not be a good idea. Did I ever say it is? I started the discussion with an inference: CT is for PKIs, DNSSEC is a PKI, therefore CT fits DNSSEC, discuss. > Until we have a doc that describes the architecture, we can't evaluate how > good > it is in either context. We have a doc; it's missing important things. I agree. But I think we can have some of this discussion given what we know now. Indeed, we've been having this discussion, and important things have come up (privacy protection, spam). Nico -- _______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
