Ben,
Can you elaborate, without reference to CY :-)? DANE seems preferable because the DNS hierarchy constrains the range of names that a node may assert (validly), unlike the WebPKI model....I'm willing to consider it. But I'm still concerned that without something akin to CT, DANE is more dangerous than the existing PKI.
Steve _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
