Re: [Trans] On the worthiness of DNSSEC and PKI (Re: DNSSEC also needs CT)

Melinda Shore <> Sat, 10 May 2014 03:08 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 0BDF31A01A7 for <>; Fri, 9 May 2014 20:08:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id jrgkP-RO-zKC for <>; Fri, 9 May 2014 20:08:14 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:400e:c02::22d]) by (Postfix) with ESMTP id 5DEBD1A01AD for <>; Fri, 9 May 2014 20:08:14 -0700 (PDT)
Received: by with SMTP id y10so4403641pdj.32 for <>; Fri, 09 May 2014 20:08:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=Vl0TYbVdCVItm0zoc36KUSTD3k7EHGwyybLbl9XfFYA=; b=O9/F/UA5544NyBuBTIFrkIM3vShnl0SWMMVZcQLmoX2ytWQTtNnLJwGXWBa8Ohpmza DyGjxigHsWt8VIq89hjhcv7rMvJ6N3/uAGgX1TQAX/gLjxJDUgEhYbuD6bpuf/x88hwy 7pK0A4dqjQdGAzNK6fC4bUNwdRcE/nNqeyM0bZSmpEUYYrAOdrwLu0tTYFp5MdUubiCU FwwOWS67jIDGt8KeqpW7PBt5PWVYABVyxaK2OUm5BVtYXJSD1qrxsGpyqSTsKhYO+vI/ fBK/9lrf3DwT5IwiQe1Xq9GX5DJ4nQYK41njfNMKqfQsRwQgcGRmL9GTnh3UdN/Mg5nI 7FRw==
X-Received: by with SMTP id e12mr27708747pat.35.1399691288746; Fri, 09 May 2014 20:08:08 -0700 (PDT)
Received: from spandex.local ( []) by with ESMTPSA id ss2sm15687589pab.8.2014. for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 09 May 2014 20:08:07 -0700 (PDT)
Message-ID: <>
Date: Fri, 09 May 2014 19:08:06 -0800
From: Melinda Shore <>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: Tao Effect <>
References: <> <>
In-Reply-To: <>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: "Mehner, Carl" <>, "" <>
Subject: Re: [Trans] On the worthiness of DNSSEC and PKI (Re: DNSSEC also needs CT)
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 10 May 2014 03:08:20 -0000

On 5/9/14 4:31 PM, Tao Effect wrote:
> Maybe I'll post a more detailed version of this later (with citations,
> illustrations, etc.). But seeing as this is a technical list, I hope it
> will do for now.

Hi, Greg:

This mailing list is to support the work of the trans working
group rather than for general discussion of CT, and this
discussion is starting to skirt the edges of what we're doing.
Right now there's a proposal to look at the possibility of
applying CT to DNSSEC.  A general discussion of "the worthiness of
DNSSEC and PKI" doesn't really go to that proposal.

We kept the mailing list around for discussions
of just this nature, and I'd be grateful if you could keep the
discussion here focused on the applicability of CT to DNSSEC and
take the more general discussion over there.