I was asked to echo my comments to the list about timeouts for TLS
latching in the discussion about DEEP.

One of the main reasons that people seem to want timeouts for TLS
latching is because they're worried about "bricking" their domain, or
about setting policies that will affect the domain after it transfers
"ownership" to a new registrant.

Domain names have reputation already, which affects both the current
registrant and any future registrant. Some examples of domain name
reputation include inclusion in spam and malware blacklists.

In this case, the possibility of "latching" a domain name into TLS is
just one more piece of reputation that a domain name is likely to carry
across a registration transfer.

The idea that we can have an ongoing reputation that a domain has opted
*into* stronger security guarantees than the default doesn't seem
particularly troubling, given the other reputational factors that zone
registrants already have to deal with.

--dkg
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta