I believe that Paul Wouters has made a compelling case regarding the
current state of keying practices in DNSSEC deployment today.
There is sufficient cryptographic rigor to merit logging this data for
review of correct assessment as of the point in time at which certificate
issuance decisioning
Right, this is a fair and excellent summary, and there are things I would
improve about my responses if I had access to a time machine. Constraints on
my time are pretty brutal right now, and that does not always allow me to
express myself as well as I would like.
I perceived, possibly
You’re free to misattribute whatever motives you want to me. They’re not true.
In fact, I would like to call on you yet again to cease speculating and
imputing malicious motives onto well-intentioned posts.
The CAA logging requirements failed in this instance. How do we make them
better?
Thanks Wayne and Ryan, your feedback always helps us to improve.
I'll respond in a separate message to Ryan concerns/questions.
Only about the audit periods... it's not easy to synchronize everything, so
what we did is the following:
- A point-in-time audit after the Root was created
- A
4 matches
Mail list logo
