On Sun, Apr 11, 2021 at 03:39:56PM +0100, Ben Laurie wrote:
> On Sat, 10 Apr 2021 at 21:40, Nico Williams <nico@xxxxxxxxxxxxxxxx> wrote:
> > On Sat, Apr 10, 2021 at 12:59:34PM -0700, Michael Thomas wrote:
> > > Let me ask a pointed question: if we used DANE+DNSSec do we have
> > > confidence in the security of the solution? I think we'd have to
> > > have a lot of confidence in both that they are really ready for
> > > prime time.
> >
> > I do, for the reasons I gave. It can't be worse than WebPKI, that's
> > for sure.
>
> It is not for sure, because DNS has no transparency requirements.

It is for sure for the reasons I gave in other replies. And CT can be added.