[Cryptography] New free TLS CA coming

[Salz, Rich]

> A non ad-hoc demonstration of both domain and site control is I think a
> DNSSEC validated DANE TLSA RR attesting to the validity of the public key:
> 
>     _443._tcp.www.example.com. IN TLSA 3 1 1 <sha256 pkey digest>

I totally agree.

But if you have the ability to do this or the ability to make it happen, then you are probably (well) beyond the target market of ISRG.

	/R$