I am thinking the decision process needs to be three valued.
* Success
* Unknown
* DNSSEC Fail
Without DNSSEC, it is not going to be possible to distinguish ordinary network
failures from attacks.
I don’t see a problem with an incentive to deploy DNSSEC so long as
> I know there’s a CAA document going through ACME. Is this also going
LAMPS? The ACME WG is already working on account UIR and validation-methods
parameters. Given that this represents two of the four parameters suggested
during the F2F, should we add the other two there?
There are two CAA
Would all of the browsers need to adopt some type of statement to the effect
that "all CAs are expected to comply with the most recent version of the
Baseline Requirements and EV Guidelines? It seems you are just moving the
statement/requirement from one place to another?
-Original