On Sat, Apr 10, 2021 at 10:29:42AM +0100, Ben Laurie <benl=40google.com@xxxxxxxxxxxxxx> wrote a message of 138 lines which said: > However, the other problem is introducing DNS as a trust root - the > DNS hierarchy is considerably less secure than CAs were even before > CT but now it's really a very poor option in comparison. It doesn't matter since, if you control the DNS, you can have your certificate, anyway. So, it doesn't change the picture.
