Re: [Trans] On the worthiness of DNSSEC and PKI (Re: DNSSEC also needs CT)

Melinda Shore <> Sat, 10 May 2014 03:47 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 74AFC1A0139 for <>; Fri, 9 May 2014 20:47:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 4_8VczmOQFiA for <>; Fri, 9 May 2014 20:47:26 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:400e:c03::22e]) by (Postfix) with ESMTP id 1D32C1A0138 for <>; Fri, 9 May 2014 20:47:26 -0700 (PDT)
Received: by with SMTP id kq14so1013257pab.19 for <>; Fri, 09 May 2014 20:47:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=+mUhZpoAVy3bDavKK6LYajNmr5iUMCejBjoOp4RV+1U=; b=YZvCJiR6SAkyME9GUCOXO8SaMBjnjkLUS1PI+SATu7Gz5a7v2mc1VElanv0I/MePVw vwmNyrKJExdr2S3ucEwQP2+aPum9ROhQJiOCAzt5z9wW83HuSgnHKwyGakwu/RSK/0tq XY6xIX0eofNOEUm0lV7/uQdjiuV8CZQwgB44JkwiV3nAcr9mrIUqwDFwVncWrbPUbw3+ /7rX/8I+7gFcEUhzgaJ3yCn7s/bev81no1/LgyECN8GeUEw/8r1X1qwSjtLtOJXrFJzG Mz+Q/wUKoSfkpssaS16DuW8h+iALUhMnt5PBZjoK4nbqtn5l16IMi4QhMRUXEPiESOja bk1A==
X-Received: by with SMTP id ae3mr27987687pad.49.1399693641033; Fri, 09 May 2014 20:47:21 -0700 (PDT)
Received: from spandex.local ( []) by with ESMTPSA id ja8sm10316130pbd.3.2014. for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 09 May 2014 20:47:20 -0700 (PDT)
Message-ID: <>
Date: Fri, 09 May 2014 19:47:17 -0800
From: Melinda Shore <>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: Tao Effect <>
References: <> <> <> <>
In-Reply-To: <>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: "Mehner, Carl" <>, "" <>
Subject: Re: [Trans] On the worthiness of DNSSEC and PKI (Re: DNSSEC also needs CT)
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 10 May 2014 03:47:27 -0000

On 5/9/14 7:37 PM, Tao Effect wrote:
> Pointing out security and design flaws in CT is off-topic, noted, thanks.

Yes and no.  We produce documents.  There's a working group
draft in development, and if there are problems with that
draft there's no time like the present for starting a discussion
and proposing text.  There's also the beginnings of a discussion
about whether or not to take on the development of a document
on CT for DNSSEC.  If there are specific issues those need to be
brought up as well.  But we've got another mailing list for
higher-level discussions of how to deal with certificate
misissuance and it's a good place for CT discussions that don't
directly address the working group's products.