[Cryptography] Certificates and PKI
Paul Wouters
paul at cypherpunks.ca
Sat Dec 27 12:22:21 EST 2014
On Sat, 27 Dec 2014, Viktor Dukhovni wrote:
>>> However evidence of the parent serving the child zone, as if no
>>> delegation existed, is more difficult to accomodate in a transparency
>>> scheme.
>>
>> Exactly.
>
> CT for parent domains serving entries in what should be a child
> domain is doable I think.
As someone told me offline, qname minimalization actually solves this
problem.
> I've not been following the "trans" working group, is there a
> plausible design for CT for DNSSEC, or do the problems look
> intractable?
That discussion has started, but the WG first wants to focus on the core
documents and complete those before moving into the other areas such as
DNSSEC and binary blob transparency.
Paul
More information about the cryptography
mailing list