The only thing I'm going to say in this thread is that ICANN, registrars,
and registries had two years to figure out how to handle GDPR and email
addresses in WHOIS, and we all know how that turned out.
Maybe we should let them figure out how to handle their existing
responsibilities before we
Matthew Hardeman via dev-security-policy
writes:
>That's very interesting. I would be curious to know the timing of this. Was
>this before or after massive deployment of DNSSEC by the registries?
Some time before. To the best of my knowledge DNSSEC considerations had
nothing to do with this
On Friday, August 17, 2018 at 2:01:55 AM UTC-5, Peter Gutmann wrote:
> That was actually debated by one country, that whenever anyone bought a domain
> they'd automatically get a certificate for it included. Makes perfect sense,
> owning the domain is a pretty good proof of ownership of the
On Thursday, August 16, 2018 at 6:18:47 PM UTC-5, Jakob Bohm wrote:
> The main cause of this seems to be that CT has allowed much more
> vigorous prosecution of even the smallest mistake. Your argument
> is a sensationalist attack on an thoroughly honest industry.
I certainly didn't mean it as
Matthew Hardeman via dev-security-policy
writes:
>What if the various user agents' root programs all lobbied ICANN to impose a
>new technical requirement upon TLD REGISTRY operators?
That was actually debated by one country, that whenever anyone bought a domain
they'd automatically get a
On 16/08/2018 21:51, Matthew Hardeman wrote:
Of late, there seems to be an ever increasing number of misissuances of various
forms arising.
Despite certificate transparency, increased use of linters, etc, it's virtually
impossible to find any CA issuing in volume that hasn't committed some
On Thursday, August 16, 2018 at 3:34:01 PM UTC-5, Paul Wouters wrote:
> Why would people not in the business of being a CA do a better job than
> those currently in the CA business?
I certainly do not assert that there would be no learning curve. However,
these same registries for the generic
On Thursday, August 16, 2018 at 3:18:38 PM UTC-5, Wayne Thayer wrote:
> What problem(s) are you trying to solve with this concept? If it's
> misissuance as broadly defined, then I'm highly skeptical that Registry
> Operators - the number of which is on the same order of magnitude as CAs
> [1] -
On Thu, 16 Aug 2018, Matthew Hardeman via dev-security-policy wrote:
1. Run one or more root CAs
Why would people not in the business of being a CA do a better job than
those currently in the CA business?
I recognize it's a radical departure from what is. I'm interested in
understanding
What problem(s) are you trying to solve with this concept? If it's
misissuance as broadly defined, then I'm highly skeptical that Registry
Operators - the number of which is on the same order of magnitude as CAs
[1] - would perform better than existing CAs in this regard. You also need
to consider
10 matches
Mail list logo
