[Cryptography] Certificates and PKI

Bill Frantz frantz at pwpconsult.com
Wed Dec 24 10:24:31 EST 2014


On 12/23/14 at 12:36 PM, nico at cryptonector.com (Nico Williams) wrote:

>CT is more than just a mitigation against lack of name constraints.
>It's applicable to any kind of PKI.  DNSSEC is a kind of PKI.  CT should
>be applicable to DNSSEC.

Ben limits CT transactions to recognized CAs to limit spam to 
the CA CT registries. Could the DNS registrars be enlisted as 
intermediaries in a DNS based CT registry to similarly limit spam?

Cheers - Bill

-----------------------------------------------------------------------
Bill Frantz        | Security is like Government  | Periwinkle
(408)356-8506      | services. The market doesn't | 16345 
Englewood Ave
www.pwpconsult.com | want to pay for them.        | Los Gatos, 
CA 95032



More information about the cryptography mailing list