> > In essence, I'm proposing that user agents should trust a fully DNSSEC > domain with a TLS certificate set up using DANE, along with changes to CT > log submission process to allow self-signed certificates (looking to > suggest via rfc9162). >
How do you propose we prevent CT from being DoSed by a deluge of self-signed certificates? Best, Bas
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls