Hi all, just 2 quick comments:
> On 30. Nov 2017, at 22:06, Wayne Thayer via dev-security-policy > <dev-security-policy@lists.mozilla.org> wrote: > > This thread started as a discussion over possible mis-issuance that was > determined to be false positives We had reported 18 anomalies, of which my current (quick) count is 7 confirmed, 9 pending, and 2 false positives. I do not think these numbers support a statement that the evaluator role is determined to create false positives. > On 30. Nov 2017, at 21:12, Tim Hollebeek via dev-security-policy > <dev-security-policy@lists.mozilla.org> wrote: > > So it turns out DNSSEC solves CAA problems for almost nobody, because almost > nobody uses DNSSEC. And given the serious flaws both in DNSSEC itself and > exiting DNSSEC implementations, it is unlikely to be part of any solution to > the current problems CAA is facing Of ~115k CAA-enabled base domains, we currently see 12% using DNSSEC. Of these 12%, ~1% (a count of ~130) have invalid signatures. I think those 12% would like to have the benefits of DNSSEC for CAA. We are writing up a report about out investigations that has numbers on most of the questions discussed. I will be happy to share it here it that would not be considered spam. Kind regards Quirin _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy