[Cryptography] Certificates and PKI
Bill Frantz
frantz at pwpconsult.com
Wed Dec 24 10:24:31 EST 2014
On 12/23/14 at 12:36 PM, nico at cryptonector.com (Nico Williams) wrote:
>CT is more than just a mitigation against lack of name constraints.
>It's applicable to any kind of PKI. DNSSEC is a kind of PKI. CT should
>be applicable to DNSSEC.
Ben limits CT transactions to recognized CAs to limit spam to
the CA CT registries. Could the DNS registrars be enlisted as
intermediaries in a DNS based CT registry to similarly limit spam?
Cheers - Bill
-----------------------------------------------------------------------
Bill Frantz | Security is like Government | Periwinkle
(408)356-8506 | services. The market doesn't | 16345
Englewood Ave
www.pwpconsult.com | want to pay for them. | Los Gatos,
CA 95032
More information about the cryptography
mailing list