Deutsch | English

[Ach] opinions on

Daniel Kahn Gillmor dkg at
Tue Nov 25 17:45:54 CET 2014

On 11/25/2014 10:20 AM, Aaron Zauner wrote:
> As with TACK I hear that some vital Google engineers don't like the DANE
> trust/security model. I'm curious if it'll see real adoption. Their
> reasoning so far has been that there are more "entry points" for an
> attacker than with a central (and CT audited) trust system as with
> certificate authorities. 

This is a good argument for trying to figure out how to extend the CT
model into the DNSSEC space, as was proposed by Dacheng Zhang at the
trans wg earlier this month.

That proposal had some serious flaws, but anyone interested in doing
this kind of monitoring work of centralized/hierarchical infrastructure
should take a look and suggest improvements.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Ach mailing list
Tel.: +43 1 5056416 78
mehr ...
mehr ...
mehr ...
Jahresbericht 2017
Ein Resumee zur digitalen Sicherheitslage in Österreich

Letzte Änderung: 2018/5/28 - 15:00:00
Haftungsausschluss / Datenschutzerklärung