> Given the TTLs and the key sizes in use on DNSSEC records, why do you believe > this?
DigiCert is not sympathetic to disk space as a reason to not keep sufficient information in order to detect misissuance due to CAA failures. In fact, inspired by this issue, we are taking a look internally at what we log, and considering the feasibility of logging even more information, including full DNSSEC signed RRs. -Tim
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy