On 29 November 2017 at 22:33, Paul Wouters <[email protected]> wrote: > > > > On Nov 29, 2017, at 17:00, Ben Laurie via dev-security-policy < > [email protected]> wrote: > > > > This whole conversation makes me wonder if CAA Transparency should be a > > thing. > > That is a very hard problem, especially for non-DNSSEC signed ones. >
Presumably only for non-DNSSEC, actually? For DNSSEC, you have a clear chain of responsibility for keys, and that is relatively easy to build on. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
