On Mon, Jan 7, 2013 at 5:32 PM, Guido Witmond <[email protected]> wrote: > What I read from the certificate-transparency.org website is that it intends > to limit to Global CA certificates. I would urge mr Laurie and Google to > include all certificates, including self-signed. It would increase the value > of CT for me, especially in combination with DNSSEC/DANE
The problem with self-signed for CT is twofold: 1. spam. 2. revocation. Given a solution to these I would happily include them in CT. CT + DNSSEC/DANE + self-signed is a different matter, but one that should probably address DNSSEC directly - that is, transparency for DNSSEC keys, not for TLS certs mentioned in DANE records. _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
